Re: NTFS inherited permissions bug on W2K

From: Sam Greenfield (Sam_Greenfield@SIMAIL.COM)
Date: 10/10/01


Message-ID:  <OF05711434.7F2AC7B1-ON85256AE0.007F1A22@timeinc.com>
Date:         Tue, 9 Oct 2001 19:08:17 -0400
From: Sam Greenfield <Sam_Greenfield@SIMAIL.COM>
Subject:      Re: NTFS inherited permissions bug on W2K
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Russ makes some really good points regarding this issue.
His mention of Netware and MacOS is my fault; in a private
message I discussed how the W2K inheritance semantics differs
from Netware and MacOS inheritance semantics. Personally, I feel
it is relevant to this discussion as users who are accustomed to
Netware or MacOS servers must change their actions in order to
get the same file system behavior.

        I definitely believe that there are some issues regarding
the inheritance feature. For example, I believe the behavior I
documented in my previous message certainly disagrees with the
intended behavior of the Microsoft support document:

 http://support.microsoft.com/support/kb/articles/Q231/9/03.ASP

        In fact, this document leads us to another interesting
feature regarding this issue. Working from the example I
provided before, you have two directories ("A" and "B") with
different ACLs. If you create a test item in "A" and move it
into "B" and inherited permissions are enabled, the test item in
"B" will retain "A"'s permissions. If you change the permissions
on "B" the test item's permissions will change to match the
permissions on "B". (This may be the behavior mentioned at the
end of a message by Fritz Ohman.)

        At the very least, I believe that there is an interface
bug in Windows Explorer. When you see the inherit permissions
checkbox checked, it implies that the permissions of the item are
identical to or stronger than the permissions of the parent item.
Of course, this is not necessarily the case.

        I can certainly see why Russ and others do not feel that
the behavior we are discussing is a bug. Russ's references to
the Microsoft support documents were certainly interesting and
helpful. However, while it is true that inheritance has been
around since Windows NT 3.1, dynamic inheritance is a new feature
of Windows 2000.

        Regardless of whether or not this behavior is a bug or a
documented feature, I do know that this behavior has caused and
will continue to cause our users consternation. My biggest fear
is that a user will inadvertently think they are protecting a
file by moving it to a more secure directory while in reality the
contents can still be modified.

                                        Sam Greenfield
                                        Senior System Engineer
                                        Sports Illustrated
                                        sam_greenfield@simail.com
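The A-to-B move described in the message, reproduced and checked as an added example (not part of the original post): it builds two test directories with different inheritable ACEs, moves a file from the looser one into the stricter one, then lists ACEs the file still carries flagged as "inherited" that its new parent could not have supplied. The paths under $env:TEMP and the BUILTIN\Users principal are assumptions.

```powershell
# Added example (not from the original message): reproduce the A -> B move and
# check whether the moved file's "inherited" ACEs really come from its new
# parent. Paths under $env:TEMP and the BUILTIN\Users principal are assumptions.
$base = Join-Path $env:TEMP 'ntfs-inherit-demo'
$dirA = Join-Path $base 'A'; $dirB = Join-Path $base 'B'
New-Item -ItemType Directory -Force -Path $dirA, $dirB | Out-Null

function Set-TestAcl([string]$Dir, [string]$Rights) {
    # Constructed test ACL: stop inheriting from $base (keeping copies of the
    # existing ACEs so we do not lock ourselves out) and add an inheritable
    # ACE granting BUILTIN\Users $Rights, which new files inside will inherit.
    $acl = Get-Acl $Dir
    $acl.SetAccessRuleProtection($true, $true)
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        'BUILTIN\Users', $Rights, 'ContainerInherit, ObjectInherit', 'None', 'Allow')))
    Set-Acl -Path $Dir -AclObject $acl
}
Set-TestAcl $dirA 'Modify'          # "A": the less restrictive directory
Set-TestAcl $dirB 'ReadAndExecute'  # "B": the "more secure" directory

$file = Join-Path $dirA 'test.txt'
Set-Content -Path $file -Value 'test'
Move-Item -Path $file -Destination $dirB   # same-volume move keeps A's ACL
$moved = Join-Path $dirB 'test.txt'

function Get-StaleInheritedAces([string]$Path) {
    # An ACE flagged as inherited on the file is stale when the parent has no
    # ObjectInherit ACE with the same principal, access mask and type.
    $oi = [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
    $parentKeys = (Get-Acl (Split-Path $Path -Parent)).Access |
        Where-Object { $_.InheritanceFlags -band $oi } |
        ForEach-Object { "$($_.IdentityReference)|$([int]$_.FileSystemRights)|$($_.AccessControlType)" }
    (Get-Acl $Path).Access | Where-Object { $_.IsInherited } | Where-Object {
        $parentKeys -notcontains "$($_.IdentityReference)|$([int]$_.FileSystemRights)|$($_.AccessControlType)"
    }
}

$stale = Get-StaleInheritedAces $moved
if ($stale) {
    "Explorer shows 'inherit' checked, yet these ACEs did not come from B:"
    $stale | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
    icacls $moved /reset | Out-Null   # rebuild the file's ACL from B's inheritable ACEs
    "Stale ACEs remaining after /reset: $(@(Get-StaleInheritedAces $moved).Count)"
}
```

Move-Item keeps the source ACL on a same-volume move, so the stale Users/Modify entry shows up until the ACL is rebuilt from the new parent; the same comparison can be run over a whole tree to find files whose displayed "inherited" entries no longer match their parent.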



