Understanding Security Descriptor

[jamvaru]

$SECURITY_DESCRIPTOR

so far I have determined it to be the ntfs way of assigning permissions, such as which file is shared on the network, etc.

I'd be happy to know more. It seems this topic is sorely underappreciated.

My current question:

Using MyDefrag in windows I have noticed something new since using linux. It looks for unmovable files and now finds a huge amount of $SECURITY_DESCRIPTOR files that are unmovable. The operation takes 5 minutes to go through them all. And of course they are unmovable, so it impairs the defrag operation.

How can I safely remove the $SECURITY_DESCRIPTOR files and keep them gone?

I have read somewhere that it is possible by automounting the ntfs drive when you boot linux, using the 'inherit' flag, which I can not find a reference to in ftab or mount man pages.

Thanks for the help.

Any info on $SECURITY_DESCRIPTORs would be helpful.

[cariboo]

This didn't belong in Toots & Tips, moved to security discussions.

[jamvaru]

alright, so is there a tool for manipulating these?

[CharlesA]

Here you go:
http://www.mydefrag.com/forum/index....ic=4172.0;wap2
http://inform.pucp.edu.pe/~inf232/Nt...escriptor.html

Why not just use the Windows defrag utility?

[jamvaru]

because i prefer mydefrag, lol (windows utility is not customizable)

i found that page on mydefrag forums, too; i went into security for all my drives and made sure i had permission for everything, it ran through all the files and everything seems to be ok

the problem is with older versions of the linux ntfs protocol; the newer versions put the security descriptors all in one file; so if you are testing various versions of linux you might end up with a mess if you goof with your ntfs partitions

everything seems to be working just fine, now

still, i sort of expected a better answer, not "heres the technical crap for that"

id like to be able to manipulate my $security_descriptor data

how can i do that?