Corinna Vinschen wrote: > Hello, Corinna > > Isn't the impersonation token automatically read by OpenProcessToken() > when an impersonation took place?
I don't think so. > > Thus I suggest that we use the method of the patch for now, and think > > of improving is_grp_member if/as we get specific reports of problems. > > What do you think? > > Do you mean my one liner? If so, I agree. My patch is just a starting > point. - Has anybody reported problems with incorrect owner modes for a file owner different from the current process user? If not, I wouldn't even start writing code for it. We know it can't work all the time, and that to work assuming the default group membership, it needs mkgroup -u (or PDC lookup). Yesterday I checked that at a medium size company (~ 150 persons). There where a total of 1047 names in the gr_mem fields. getgroups32 scans them all, every time. That would be for every file stat. - I am a little bit confused by your patch. Your intention is to skip the token lookup if the file uid isn't that of the current user. You then fall to the bottom of getgroups32. But there the gid is ALWAYS included in the group list (because in the context of getgroups the gid is that of the user, not that of a file). Thus your small patch will always report that the uid is a member of the gid. > Could you then please resend the parts of your #1 patch we agreed upon? OK. Do you want to call is_grp_member all the time or only if the current user is the file owner? Pierre