Re: Restricting rights on a file to system account
- From: Johni <john.silverdear@xxxxxxxxx>
- Date: Mon, 17 Nov 2008 03:54:28 -0800 (PST)
Thanks you.
I understand that it is impossible to forbid access to a file to the
computer administrator.
J.
On 16 nov, 18:20, "Jimmy Brush" <j...@xxxxxxxx> wrote:
Hello,
Ownership implies the ability to both read and write the security
permissions on a file, regardless of what permissions are actually present.
In addition to that, administrators have the ability to take ownership of
any securable object, and then, by resetting the security permissions,
gaining full control.
- JB
"Johni" <john.silverd...@xxxxxxxxx> wrote in message
news:62bb3282-404c-4238-8bfc-0f0c8e73319d@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,
I try without success to set these ACLs on a file :
- SYSTEM has full access (my windows service is able to modify and
delete this file)
- EVERYONE has just read access, and so cannot delete it.
The problem is that it doesn't work as I want : the local
administrator is able to delete the file, and to change ACLs on the
file (and so can have all access on the file).
I don't understand why.
Even if I remove the EVERYONE entry, it doesn't change.
If I ask for effective permissions of the administrator local, I see
that he has read rights and modify acl rights.
Why ?
Does it deal with the owner attribute ?
Thanks.
J.- Masquer le texte des messages précédents -
- Afficher le texte des messages précédents -
.
- References:
- Restricting rights on a file to system account
- From: Johni
- Re: Restricting rights on a file to system account
- From: Jimmy Brush
- Restricting rights on a file to system account
- Prev by Date: Re: Restricting rights on a file to system account
- Next by Date: TEMP and TMP environment variables
- Previous by thread: Re: Restricting rights on a file to system account
- Next by thread: how to use write-attribute permission?
- Index(es):
Relevant Pages
|
