Re: Permissions question
- From: "Manny Borges" <manny_borges@xxxxxxxxxxx>
- Date: Mon, 17 Apr 2006 12:36:10 -0400
No that isn't how ownership works.
Ownership allows you to change the permissions on a file, but if an explicit
deny is stated in the parent folder that denys deleting subfiles those files
can not be deleted unless the owner changes the permissions.
I tested on my own systems, and if you did exactly what I wrote down then
the files should not be able to be deleted by anyone.
There is an old POSIX backdoor hole, and that is why you must go to the
parent folders special permssions and deny the delete child objects
permission.
--
Manny Borges
MCSE NT4-2003 (+ Security)
MCT, Certified Cheese Master
There are 10 kinds of people in the world. Those who do understand binary
and those who don't.
"Bill A" <BillA@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:66FC6200-1B2A-494A-B751-C70A21A08C1A@xxxxxxxxxxxxxxxx
I have set it up that way and everything seems to work, except the person
who
copied the file into the folder can still delete it. They don't want that
person to be able to delete it once he places the file in the folder.
The test files I have copied have been from a local hard drive on the
workstation, but the owner who copied it can delete the file from the sub
folder. Someone else in the group can not delete it.
Am I missing something, or is this just the way ownership works?
Thanks
Bill A.
"Manny Borges" wrote:
On the parent folder :
Grant generic read access to the a group you have made for this purpose.
Go to special permissions and allow create files/write data. Deny create
folder/append data and delete.
Any files copied into this directory will inherit the permissions.
Any file moved from within the same volume will not.
Thats just how inheritence works.
--
Manny Borges
MCSE NT4-2003 (+ Security)
MCT, Certified Cheese Master
There are 10 kinds of people in the world. Those who do understand binary
and those who don't.
"Bill A" <Bill A@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4C9621B1-C0D6-4C90-80D9-C2D0E4900734@xxxxxxxxxxxxxxxx
I have a request for a folder within a share on a Windows Server 2003 in
a
Windows 2000 domain which contains 2 sub folders. The users want 2
groups
of
user permissions:
1 - Full Control over files in the sub folders. Obviously, no problem.
2 - Allow users to copy files in the sub folders. See the files that
are
in
those sub folders. Deny modify or delete them once they have placed
the
files in the sub folders.
The folder exists in the root of a share that is a wide open share
where
"All Employees" have full control over the share and they use this
mapped
drive to share files with people in other offices. (We have 15 offices
on
our
frame network)
I have tried a number of ways to setup permissions on the second group,
but
have not been able to make it happen.
Any suggestions on how to set permissions on the second group to give
them
what they want.
Thanks in advance for your help.
.
- Follow-Ups:
- Re: Permissions question
- From: Bill A
- Re: Permissions question
- References:
- Re: Permissions question
- From: Manny Borges
- Re: Permissions question
- From: Bill A
- Re: Permissions question
- Prev by Date: Re: Access is denied
- Next by Date: Re: Permissions question
- Previous by thread: Re: Permissions question
- Next by thread: Re: Permissions question
- Index(es):
Relevant Pages
|
