Re: Windows shared folder not respecting NTFS filesystem permissions?



That is because you gave "READ" access to Everyone on the share level. Share
security permissions will "always" supersede NTFS file permissions with the
"least" permissive access. That is why the standard for sharing folders is
to give "EVERYONE" FULL access at the share level then use NTFS permissions
to control the folder access.

"Susan Bradley" <sbradcpa@xxxxxxxxxxx> wrote in message
news:%23RVjoB8JKHA.1492@xxxxxxxxxxxxxxxxxxxxxxx
If you have inherent, why wouldn't you have rights to the contents of the
folder? I'm not following you?

The Basics of ACL Inheritance:
http://windowsitpro.com/article/articleid/97897/the-basics-of-acl-inheritance.html

http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsACLInheritance.html

When I share a folder with a certain permission, I expect that permission
to be respected underneath of it?


"From an administrator point of view, ACL inheritance simplifies access
control management. An administrator can set the ACL on a parent object
and, if inheritance is enabled, he shouldn't need to set ACLs on each
child object"

Michael Sharman wrote:
I have discovered a quite disturbing issue with our Windows Server 2003
Small Business Server (SP2) concerning NTFS file permissions and shared
folders.

If I set up a share with an ACL that includes a user with full control
access to that share, as I understand it, if the underlying NTFS
permission doesn't grant access to a file, then this share ACL should not
override this.

Mysteriously, on our SBS 2003 install (but not on other Windows 2003
Server installs we have for testing purposes), the underlying NTFS ACL
seems to be being ignored, and once a share ACL gives write access to a
folder, it gives write access to *every* file, even if the NTFS file
permissions are explicitly set to provide read access only.

For instance if I have a folder structure like the following:

(on \\server)
C:\Data - ACL: {Everyone: Read Only}
|
+-- File1.txt - ACL: inherit
+-- File2.txt - ACL: inherit

And then share this folder as \\server\Data with the share ACL set to
Everyone: Full Control, then if I write to the file
\\server\Data\File1.txt then I should get an access denied error because
although I've got write access via the share permissions I don't have
write access to the file object in the NTFS file system.

On our domain controller which is running Windows 2003 Small Business
Server with SP2 installed, the scenario above is allowing access, in
fact it appears to be allowing access to any file access via a share
regardless of the NTFS file permissions?!

This seems wrong to me, and I checked on other windows installs we have
and they definitely do respect the NTFS permissions, giving an access
denied as I expected.

Is there something wrong with our server install, any ideas what could be
causing this behaviour, or how I could troubleshoot the problem?

Regards,

Michael
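
An added example, not part of the original thread: a simplified Python model of how access through a share is the overlap of what the share ACL and the NTFS ACL each grant, run against the two configurations discussed above. The principal names, the token and the reduced ACE evaluation (ordered allow/deny entries only, no ownership or privileges) are assumptions of this sketch.

```python
# Simplified model: rights over a share = share ACL grant AND NTFS ACL grant.
# Access-mask values are the standard Windows file access constants.
FILE_READ_DATA = 0x0001
FILE_WRITE_DATA = 0x0002
FILE_GENERIC_READ = 0x120089   # NTFS "Read"
SHARE_READ = 0x1200A9          # share-level "Read"
FULL_CONTROL = 0x1F01FF        # "Full Control" on either layer


def granted(acl, token):
    """Walk ACEs in order: a deny blocks bits not yet allowed,
    an allow grants bits not yet denied."""
    allowed = denied = 0
    for kind, principal, mask in acl:
        if principal not in token:
            continue
        if kind == "deny":
            denied |= mask & ~allowed
        else:
            allowed |= mask & ~denied
    return allowed


def effective(ntfs_acl, token, share_acl=None):
    """Local access uses the NTFS ACL only; access over a share is
    limited to the rights both ACLs grant."""
    rights = granted(ntfs_acl, token)
    if share_acl is not None:
        rights &= granted(share_acl, token)
    return rights


def can(rights, wanted):
    return rights & wanted == wanted


# Constructed sample data (hypothetical user name).
TOKEN = {"Everyone", "michael"}
SHARE_FULL = [("allow", "Everyone", FULL_CONTROL)]
SHARE_RO = [("allow", "Everyone", SHARE_READ)]
NTFS_RO = [("allow", "Everyone", FILE_GENERIC_READ)]
NTFS_FULL = [("allow", "michael", FULL_CONTROL)]

if __name__ == "__main__":
    cases = {
        "share Full + NTFS Read": effective(NTFS_RO, TOKEN, SHARE_FULL),
        "share Read + NTFS Full": effective(NTFS_FULL, TOKEN, SHARE_RO),
        "local logon, NTFS Full": effective(NTFS_FULL, TOKEN),
    }
    for name, rights in cases.items():
        print(f"{name}: mask={rights:#x} write={can(rights, FILE_WRITE_DATA)}")
```
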


