Re: ACL To Create and Modify Only New Files?




"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message
news:KoKdnaZpcpUdiDTanZ2dnUVZ_rWtnZ2d@xxxxxxxxxxxxxxx
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:%23Il4SEAaIHA.6140@xxxxxxxxxxxxxxxxxxxxxxx
What you suggest makes sense in general, but I don't find an attribute
for just creating new files. The closest attribute is "Create Files /
Write Data". And that sounds suspiciously like a permission to both
create new files but also to modify existing ones. If it is not, then
which attribute would give the ability to modify existing files? It's
really a shame that Microsoft didn't make each part of that a separate
attribute.


When you look in the advanced view the descriptions for the
individual ACEs have two parts separated by / char. On the
left is what the ACE means applied to a directory, on the right
what it means applied to a file. So, selection of that ACE and
in the dropbox set to This folder only allows only creating new
files in that directory (similarly applied to This folder and subs).

Aha.... I think I just evolved. Thank you. :)


I think this could be seen as artifact of the era when designed
and all bits added up to significant cost, so something like a
double word is all that was allocated for all ACE flags, and
a couple of them for indication of applicability to objects and/or
container objects.

Regardless of how badly they overloaded the implementation, the user
interface of the Advanced Security Settings dialog for ACLs is fairly
awful. It's way too compressed to easily pull out the explanation you gave
just from usage. And in general the fact that the implementation is
overloaded is not a great reason to overload the user interface in a
parallel fashion.


I was only trying to build insight by sharing context for future
understanding. You probably know me sufficiently well by now
to know I am not interested in making excuses for their design or
implementation shortfalls :) And yes, I do hear your comment as
I think it took me nearly a year after coming over from Unix to
realize what I explained about the ACEs (but of course, back then
the documentation was very poor and all hidden in the api docs).

Roger


.



Relevant Pages

  • Re: ACL To Create and Modify Only New Files?
    ... left is what the ACE means applied to a directory, ... container objects. ... is not a great reason to overload the user interface in a parallel fashion. ...
    (microsoft.public.security)
  • Re: ACL To Create and Modify Only New Files?
    ... at the folder level, then how do they actually write the file. ... left is what the ACE means applied to a directory, ... is overloaded is not a great reason to overload the user interface in a ...
    (microsoft.public.security)