Re: Permissions question
- From: rrafiringa <rrafiringa.2gg0ws@xxxxxxxxxxxxx>
- Date: Sun, 29 Oct 2006 18:58:13 +0530
My configuration is similar to Manny's, but I usually allow the person
who creates the file to delete it by setting CREATOR OWNER to have only
the delete permission on the parent folder, otherwise I get a behavior
where saving a file becomes application specific. It would work for MS
Word 2003, requires the user to save twice with Excel, denies writing
the file in Adobe/Macromedia products.
In any case, the temp files created by these applications don't get
deleted, which can over time be a waste of space and confusing to the
users, since they often land in the same folder where the file is
saved. So... CREATOR OWNER->Explicit delete.
/*Rado*/
Manny Borges Wrote:
Ahh ! I see where the disconnect is.
Yes, remove creator owner and only list those explicit groups that
will
access the folder.
I apologise, I always rip all the permissions off first and then build
from
the ground up what is required.
--
Manny Borges
MCSE NT4-2003 (+ Security)
MCT, Certified Cheese Master
There are 10 kinds of people in the world. Those who do understand
binary
and those who don't.
"Bill A" <BillA@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B18E8F5D-9981-4CCB-B173-E2DBFFBD1738@xxxxxxxxxxxxxxxx
Manny:totally
Thanks for the quick reply.
I found that I have CREATOR OWNER conencted to that folder.
If I don't allow "delete" and "delete subfolders and files" or
remove CREATOR OWNER from the parent folder then the person whocreated
thethose
file can not delete it.
Do you have CREATOR OWNER permissions on that folder?
Bill A
"Manny Borges" wrote:
No that isn't how ownership works.
Ownership allows you to change the permissions on a file, but if an
explicit
deny is stated in the parent folder that denys deleting subfiles
thenfiles
can not be deleted unless the owner changes the permissions.
I tested on my own systems, and if you did exactly what I wrote down
thethe files should not be able to be deleted by anyone.
There is an old POSIX backdoor hole, and that is why you must go to
binaryparent folders special permssions and deny the delete child objects
permission.
--
Manny Borges
MCSE NT4-2003 (+ Security)
MCT, Certified Cheese Master
There are 10 kinds of people in the world. Those who do understand
wantand those who don't.
"Bill A" <BillA@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:66FC6200-1B2A-494A-B751-C70A21A08C1A@xxxxxxxxxxxxxxxx
I have set it up that way and everything seems to work, except the
person
who
copied the file into the folder can still delete it. They don't
folder.that
person to be able to delete it once he places the file in the
the
The test files I have copied have been from a local hard drive on
theworkstation, but the owner who copied it can delete the file from
Denysub
folder. Someone else in the group can not delete it.
Am I missing something, or is this just the way ownership works?
Thanks
Bill A.
"Manny Borges" wrote:
On the parent folder :
Grant generic read access to the a group you have made for this
purpose.
Go to special permissions and allow create files/write data.
permissions.create
folder/append data and delete.
Any files copied into this directory will inherit the
understandAny file moved from within the same volume will not.
Thats just how inheritence works.
--
Manny Borges
MCSE NT4-2003 (+ Security)
MCT, Certified Cheese Master
There are 10 kinds of people in the world. Those who do
2003binary
and those who don't.
"Bill A" <Bill A@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4C9621B1-C0D6-4C90-80D9-C2D0E4900734@xxxxxxxxxxxxxxxx
I have a request for a folder within a share on a Windows Server
want 2in
a
Windows 2000 domain which contains 2 sub folders. The users
filesgroups
of
user permissions:
1 - Full Control over files in the sub folders. Obviously, no
problem.
2 - Allow users to copy files in the sub folders. See the
placedthat
are
in
those sub folders. Deny modify or delete them once they have
sharethe
files in the sub folders.
The folder exists in the root of a share that is a wide open
thiswhere
"All Employees" have full control over the share and they use
secondmapped
drive to share files with people in other offices. (We have 15
offices
on
our
frame network)
I have tried a number of ways to setup permissions on the
togroup,
but
have not been able to make it happen.
Any suggestions on how to set permissions on the second group
give
them
what they want.
Thanks in advance for your help.
--
rrafiringa
------------------------------------------------------------------------
rrafiringa's Profile: http://forums.techarena.in/member.php?userid=18734
View this thread: http://forums.techarena.in/showthread.php?t=495942
http://www.techarena.in
.
- Prev by Date: Re: Best Config for LAN
- Next by Date: Re: Can't Access Internet
- Previous by thread: Best Config for LAN
- Next by thread: Re: Can't Access Internet
- Index(es):
Relevant Pages
|
