2008-03-11

subinacl

It's an obscure (but utterly invaluable) tool that you have to go digging around to find on one of Microsoft's numerous download center/technet/msdn/what-the-hell-ever sites. It is absolutely necessary to have if you want to avoid a lot of sorrow and tragedy when dealing with the built-in stupidity called "NTFS access control".

Simply put, the only filesystem that Windows knows and loves, NTFS, was over-engineered to the point of absurdity so that you could, for example, create a folder on your hard drive that you and your mom could read from and write to, but that your grandmother could only read from, and which your family pet ("Sgt. Scruffy") could synchronize with his doggie smartphone. No joke.

No one outside of the Pentagon needs this kind of access. More to the point, this kind of access spits in the face of the conventional "me, us, everybody else" groups that have dominated the filesystem industry since the days of yore. NTFS considers its files and folders as objects, with all of the gooey OO concepts therein: children, parents, and, God help us all, inheritance.

Not recursion, mind you. Inheritance.

What this means is that when you dyke out an old drive and replace it with a new one, your carefully rsynced file trees may not be accessible by the new you once you've finished re-installing Windows. You wind up with orphaned FS objects that still hold allegiance with some long lost system SID that doesn't matter anymore because it's on some other drive that you ultimately want to repartition and use somewhere else.

So you have to tabula rasa the access control list that NTFS has created. The easiest way to do this is to just give everybody full control over everything.

This is phenomenally insecure. This also lets you get to your ones and zeroes like you know you should.

C:\> subinacl /subdirectories "E:\path\to\folder\that\is\locked\*.*" /grant=Everyone=F

The /subdirectories is a great flag, but it doesn't work on directories. Use *.* to work around it.

Once this recursively fixes your files and folders in a way that the built-in Windows GUI can't (or won't), you can finally get to your data.

And it was good.

posted at 10:19

2 comments:

Anonymous said...
This comment has been removed by a blog administrator.
Thu Feb 04, 01:14:00 PM PST
Unknown said...

Omg thank you I love you!

Wed Nov 18, 05:16:00 AM PST

Post a Comment

Subscribe to: Post Comments (Atom)