Re: NTFS permissions issues
- From: "Paul Baker" <paulb@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 19 Dec 2005 16:38:34 -0500
When a file is moved or created in any way except copying, it inherits the
permissions of its containing folder.
In the scenarios you give, one could argue that you would be moving the
file, not copying it. In practice, however, people tend to copy a file and
then delete the original instead of moving it. In that case, the copying
scenario applies.
Paul
"Ian" <Ian@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:20C19AE0-618F-4346-8012-FD66CEB96AA9@xxxxxxxxxxxxxxxx
> "Roger Abell [MVP]" wrote:
>
>
>> That the semantics remains, now years later, is not something about
>> which I am a fan, not at all. I hear the argument that the semantics
>> cannot be changed because of back-compatibility concerns, but I
>> also see the impacts and that the addition of a couple generations of
>> defining (and redefining) the semantics for inherited NTFS ACLing
>> without much concern about similar impacts as in the back-compat
>> concerns.
>
> True.
>
> I reckon that part of the problem is that programmers see
> filesystem-permissions as a system-engineering tool firstly, and a
> network-management tool only as an afterthought. The present arrangement
> whereby a file acquires the rights of the folder where it's created, but
> then carries those rights with it elsewhere, suits system-designers who
> want to restrict access to files by running processes. It does not suit
> office staff, who want to be able to put files into folders, whereby the
> settings on the folders themselves determine who can access what.
>
> For example, as an office user I have a confidential file, so I transfer
> it from my desktop, where it was created, into the Classified folder on
> the server. That should make it accessible only to trusted users. But it
> doesn't. In fact it is only accessible to me. So, I adjust the
> permissions. Later, the file is declassified, so I move it to the Public
> folder. It should now be accessible to everyone. But it isn't.
>
> A more-serious scenario arises if it's decided to classify a
> previously-public document; in this case you end-up with a file in the
> Classified folder which is publicly-accessible, and remains so even after
> secret data has been added to it - a highly unsatisfactory situation, and
> one which could lead to serious red faces all-round.
>
> We seem to be stuck in a paradigm that dictates things HAVE to be like
> this... on Linux as well as Windows. But they don't. Netware
> filesystem-permissions worked 'as an office user would think they should'
> and in fact Netware shares had no permissions in-themselves, everything
> depended on the filesystem rights. If it could be got right on DOS and
> Windows 3, surely it could be put right now.
>
>
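
An added example, not part of any message in this thread: a PowerShell audit for the situation discussed above, files sitting in a folder whose permissions do not come purely from that folder. The path `D:\Shares\Classified` and both function names are hypothetical.

```powershell
# Added example. Lists files under $Root whose ACL carries explicit
# (non-inherited) entries or has inheritance from the parent switched off.
function Get-NonInheritedAcl {
    param(
        [Parameter(Mandatory)] [string] $Root   # folder to audit (assumed path)
    )
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $acl      = Get-Acl -LiteralPath $_.FullName
            # ACEs set directly on the file rather than propagated from a parent
            $explicit = @($acl.Access | Where-Object { -not $_.IsInherited })
            if ($acl.AreAccessRulesProtected -or $explicit.Count -gt 0) {
                [pscustomobject]@{
                    Path               = $_.FullName
                    InheritanceBlocked = $acl.AreAccessRulesProtected
                    ExplicitAces       = ($explicit | ForEach-Object {
                        '{0}:{1}:{2}' -f $_.IdentityReference,
                                         $_.AccessControlType,
                                         $_.FileSystemRights
                    }) -join '; '
                }
            }
        }
}

# Replaces a file's ACL with the entries its current parent folder propagates.
# Supports -WhatIf so the change can be reviewed before it is made.
function Reset-ToInheritedAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [string] $Path
    )
    process {
        if ($PSCmdlet.ShouldProcess($Path, 'icacls /reset')) {
            icacls.exe $Path /reset | Out-Null
        }
    }
}

# Review first, then re-run without -WhatIf once the list looks right:
# Get-NonInheritedAcl -Root 'D:\Shares\Classified' | Format-List
# Get-NonInheritedAcl -Root 'D:\Shares\Classified' | Reset-ToInheritedAcl -WhatIf
```

The audit takes the inherited flag on each entry at face value, so it reports explicit entries and blocked inheritance only; `icacls /reset` re-applies the current parent's inheritable entries regardless of what the file carried before.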