Re: NTFS permissions issues
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Sun, 4 Dec 2005 10:26:15 -0700
"Ian" <Ian@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:61B9B46D-949A-43B5-B882-565AEC9D7657@xxxxxxxxxxxxxxxx
> "Roger Abell [MVP]" wrote:
>
>> What you describe happens only when moving files within a single
>> partition. When moving between partitions the old NTFS permissions
>> are always entirely abandoned with the moved objects having permissions
>> fully determined by where they have been moved into.
>
> In other words, as far as users (who after all don't have a direct view of a
> fileserver's partitioning-structure) see it, they are 'Playing a
> fruitmachine' on which the outcome of their actions is seemingly random and
> irrational.
>
> One of the strange paradoxes of Microsoft's design-policies is that on the
> one hand everything is made with Wizards so as to 'lead the user by the hand'
> even through fairly basic operations, and yet in fact, to be able to
> accurately predict the system's behaviour - instead of clicking and praying -
> demands a veritable rocket-scientist level of knowledge.
>
> I fully agree with the users here. While complexity is sometimes (but
> rarely) needed, there is no justification at all for this degree of
> _unpredictability_ in the design of the system. That is why I advocate
> share-permissions, because they have a predictable and repeatable effect.
>
>
The intra-partition semantics originated in early NT (pre-3.5) as a
performance optimization. An intra-partition move only required
an adjustment in the partition tables, which saved quite a bit of
overhead (for sizable folder moves) on those old, slow x86 boxes.
For the local user, with local storage, there often are no differences
in NTFS ACLing, and where there are they usually are aware of
them, although often not aware of impacts when moving within
one partition.
Where the storage is network shared, I still feel that one needs to
effectively use what is available (NTFS and share permissions) in
order to control access. The system admin responsible for design
of the network storage architecture should take the semantics
into account so that users do not have this issue happen. For
example, if the objects that users can move (files or folders full
of files) have no explicit NTFS ACEs on them, but only inherited,
then the problem you are concerned about does not happen as
it is the explicit permissions that travel with the objects. This form
of network storage design actually is the most common, where
the users do not have the permissions to set permissions and just
use the storage that is made available to them as made available.
Where that is not the case, then the storage designer can use a
technique of distributing the storage so that partition boundaries
are crossed - but this becomes messy even with use of DFS to
present a uniform view to the storage users.
That the semantics remains, now years later, is not something about
which I am a fan, not at all. I hear the argument that the semantics
cannot be changed because of back-compatibility concerns, but I
also see the impacts and that the addition of a couple generations of
defining (and redefining) the semantics for inherited NTFS ACLing
without much concern about similar impacts as in the back-compat
concerns.
However, all things taken into account, for most cases the issues
can be mitigated in a network storage design so that users do not
run into unexpected access or non-access scenarios upon a move.
That the sys admin must be burdened with these added complexities
in network storage design is not a shining example of MS Windows.
The old (antiquated and due for retirement) semantics of moves
within a partition are IMO more often encountered by power users
on their own systems, and it is certainly not a reason to not use NTFS
ACLing effectively on network storage (which is akin to a highway patrol
officer not using radar because it is sometimes jammed).
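
Added example, not part of the original post or thread: a PowerShell audit that lists the objects under a share root carrying explicit (non-inherited) NTFS ACEs, which the post identifies as the permissions that travel with an object moved within one partition. The function name Get-ExplicitAce and the path D:\Shares\Projects are hypothetical.

```powershell
# Added example: report files and folders below a share root that carry
# explicit (non-inherited) ACEs. The root itself is skipped, since a share
# root normally holds the explicit ACEs that everything below inherits.
function Get-ExplicitAce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Root   # share root to audit
    )

    # -Force includes hidden and system items; unreadable folders are
    # collected in $gciErr and reported as warnings at the end.
    Get-ChildItem -LiteralPath $Root -Recurse -Force `
            -ErrorAction SilentlyContinue -ErrorVariable gciErr |
        ForEach-Object {
            $item = $_
            try {
                $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
            } catch {
                Write-Warning "Cannot read ACL on $($item.FullName): $($_.Exception.Message)"
                return   # inside ForEach-Object this skips to the next item
            }
            # IsInherited is $false for ACEs set directly on the object
            foreach ($ace in ($acl.Access | Where-Object { -not $_.IsInherited })) {
                [pscustomobject]@{
                    Path               = $item.FullName
                    IsFolder           = $item.PSIsContainer
                    Identity           = $ace.IdentityReference.Value
                    Type               = $ace.AccessControlType
                    Rights             = $ace.FileSystemRights
                    # $true when inheritance from the parent is disabled
                    InheritanceBlocked = $acl.AreAccessRulesProtected
                }
            }
        }

    foreach ($e in $gciErr) { Write-Warning "Skipped: $($e.TargetObject)" }
}

# Hypothetical path; replace with the real share root.
Get-ExplicitAce -Root 'D:\Shares\Projects' |
    Sort-Object Path |
    Format-Table -AutoSize -Wrap
```

An empty result means every object below the root has only inherited ACEs, the storage design the post describes as free of the same-partition move problem.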