-
Notifications
You must be signed in to change notification settings - Fork 671
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to disable virtual disk renaming? #1170
Comments
I haven't tried but I am pretty sure this is due to the default sddl (you can find the value in sys/dokan.h) allowing this. |
Sorry I haven't tried it myself from C# but there is indeed a Marshall allocation issue here |
Can you create an c++ example please? |
I would strongly suggest that you use .NET model objects for this as far as possible.
There could of course still be things that you need to call through P/Invoke depending on what you want to do. But in my experience, that is almost never needed. Does this help in your case? |
Thanks for the advice @LTRData! I tried to do it in .NET model objects but got the same exception. I also tried not setting a value in the VolumeSecurityDescriptorLength field - doesn't matter. |
Could you share some details about the exception you get? What type of exception and if there are any more details in it. |
Sure. Exception type is System.ArgumentException. Message: Type could not be marshaled because the length of an embedded array instance does not match the declared length in the layout. Stack trace: What other information might help? |
Ah okay I understand. I missed that part. You need to resize the array: |
Okay, one more exception. Type: DokanException. Message: Can't install the Dokan driver. Stack trace: |
Have you installed the Dokan setup package? Did you get any errors when you did that? What does the command |
Strange. Could it be some kind of version mismatch between the native dokan2.dll that gets loaded into your process and Dokan2 driver? I am unsure in this case. It looks like it should have worked. |
You were right. The Dokan Library version was 2.0.6.1, the Dokan version from Nuget in my project is 2.0.5.1. I uninstalled Dokan Library 2.0.6.1 then installed Dokan Library 2.0.5.1, but the problem is still there. |
If other C# sample work, it means your install is correct but the provided VolumeSecurity are incorrect and failed the mount. |
I see now that this problem happens with that security descriptor if added to the native memfs C sample as well.
I'll try to figure out what is going on here. (Also, please do not post screenshots as pictures here, copy and paste your code instead so that it is easier for others to try out the same thing without the need to type your code manually and risk mistakes. Thank you!) |
Okay, so the problem here is that the security descriptor does not allow anything which means that everything is disallowed, which causes dokan2.dll not to be able to open the volume using
But actually, you could skip denying delete actions because anything that is not explicitly allowed in this security descriptor will be denied automatically:
|
Great, it works! Thank you! But how to prevent drive renaming but allow all actions with all subdirectories and files? Because all security rights are inherited for all content I cannot rename or delete directories and create files. Ttried to add FileSystemRight.DeleteSubdirectoriesAndFiles. Also tried setting FullControl for all directories and files in the GetFileSecurity method. Another attempt is to use inheritance to all subdirectories and files when adding FileSystemRight.DeleteSubdirectoriesAndFiles. All attempts fail. Can you help me with this? I'm not strong with FileSystemRights yet. |
I found that the FileSystemRights.WriteData right disables disk renaming when it's denied. But it also prevent files to being created. I tried this but to no avail: |
I think you should try to allow everything and then deny delete, but make sure that the denial does not propagate to anything else (i.e. "this object only"). But I am not really sure. This is a kind of generic question about disk volume permissions. There could be discussions about it in other places that could be useful to read through. |
@stroev-ao Have you been able to resolve this issue ? |
No, the problem is not solved. The advice above from @LTRData did not help. |
Like I said in my last comment, this is a more kind of general question not Dokan specific and you might want to search for hints about how to do it in other places. I would assume that you would need to create an ACL with some propagating allow permissions for all users and then some non-propagating deny permissions specifically denying deletion. The inheritance parts of it are most important in this specific case. |
This does not interfere with the operation of the disk, but from a logical point of view, this should not be possible, since the disk name in my case is set remotely.
The text was updated successfully, but these errors were encountered: