11-17-2004 10:04 AM - edited 03-09-2019 09:28 AM
We have a server that we have deployed a File Access Control rule over a particular directory so that changes to files in that directory are denied. This works as intended for one exception.
1. Mount a windows share to the directory
2. Copy a local file to the share, overwriting an existing file
If you do those two steps, you have essentially "edited" the content of the file by replacing it with a different file of the same name. CSA reports NOTHING. CSA prohibits nothing. This is a major oversight of file access control.
Our deployment is operating in TEST mode so if you open/edit a file, CSA logs that the user would have been denied (intended result). If you mount a share and copy a file to the protected directory, OVERWRITING an existing file, CSA reports nothing.
If you replace an existing file (testfile.log), which has existing data, with a replacement (testfile.log) with "bogus" data, you have essentially edited that file, or rather replaced it, and the CSA "File Access
Control" / "Write" processes have no effect. That doesn't make any sense to me. No need to edit a file if you can outright replace it with one with data you wanted to edit, in the first place.
Has anyone else run into this bug? I have a TAC case opened to address this issue but am getting nowhere. Is there some different configuration rule I need to apply to control file overwrites?
We are able to overwrite any file and replace its data without CSA informing us of any events. Our File Access Control rule is currently for WRITE, not READ access to the directory.
11-17-2004 04:37 PM
Hi Chris,
Is your rule set to deny write access to remote clients? Mine is and it works as it is supposed to. Maybe I'm not doing it exactly the same way though...
11-17-2004 07:35 PM
try replacing deny with high priority deny
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide