Using the NT native function NtCreateFile it's possible to open a file by id using the FILE_OPEN_BY_FILE_ID create option. However, in doing so the DELETE access flag appears to be ignored. If I set it the file will open fine but any attempt to delete or rename the file will fail (e.g. by settings FILE_DELETE_ON_CLOSE or using the FILE_RENAME_INFORMATION class with NtSetInformationFile).
Is it impossible to delete a file opened this way? Is there some other way to delete a file by id instead of name?
i look for ntfs-4 source code and view say next code in NtfsSetRenameInfo
//
// Do a quick check that the caller is allowed to do the rename.
// The opener must have opened the main data stream by name and this can't be
// a system file.
//
if (!FlagOn( Ccb->Flags, CCB_FLAG_OPEN_AS_FILE ) ||
(Lcb == NULL) ||
(NtfsSegmentNumber( &Fcb->FileReference ) < FIRST_USER_FILE_NUMBER)) {
DebugTrace( -1, Dbg, ("NtfsSetRenameInfo: Exit -> %08lx\n", STATUS_INVALID_PARAMETER) );
return STATUS_INVALID_PARAMETER;
}
the same situation for FileDispositionInformation and FILE_DELETE_ON_CLOSE option (1)
if (FlagOn( Ccb->Flags, CCB_FLAG_DELETE_ON_CLOSE )) {
if (FlagOn( Ccb->Flags, CCB_FLAG_OPEN_AS_FILE )) {
so ntfs by some reason not allow rename or delete file if CCB_FLAG_OPEN_AS_FILE not set on file. (it not set when file opened by id)