Re: Can It Be Done? - MDB Security
From: Jeff Cochran (jcochran.nospam_at_naplesgov.com)
Date: 05/28/04
- Next message: Jeff: "Domain Question"
- Previous message: Patrick Kremer: "Re: metrics = hops?"
- In reply to: Phillip Windell: "Re: Can It Be Done? - MDB Security"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 28 May 2004 18:43:22 GMT
On Thu, 27 May 2004 14:00:05 -0500, "Phillip Windell" <@.> wrote:
>Wouldn't you want to just remove Everyone from the list rather than
>explicitly "deny" them? Doing that would deny all users since all users are
>part of Everyone and this "explicit deny" would over-ride other permissions.
Everyone is a group, it's not "Every account on the system" so neither
removing Everyone from access or specifically denying Everyone will
actually stop every account from accessing the file.
But the real basis for the Deny is that a user may be a member of
another group that has explicit or inherited permissions to the
file/folder in question. With a Deny, everyone is denied access
explicitly. Which may again not be what is intended, since Everyone
is just a group anyway.
Better is to remove all access to the file/folder except for
administrators and the user in question. Watch for inherited rights
that may not be obvious. Put the users in a qroup that is allowed
access, then use the group account for access, that way changing
access is simply adding or removing users from the group.
Jeff
- Next message: Jeff: "Domain Question"
- Previous message: Patrick Kremer: "Re: metrics = hops?"
- In reply to: Phillip Windell: "Re: Can It Be Done? - MDB Security"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
