Re: SQL 2000 and NTFS

From: Luis (hernandez_nj@Hotmail.com)
Date: 10/23/02 

From: "Luis" <hernandez_nj@Hotmail.com>
Date: Wed, 23 Oct 2002 07:34:32 -0700

Hari
Thanks.
I am concerned about this being a security issue. Someone
who gains access to the file can reattach the database
back to another server and login in as "SA" and have
access to all the data. WHy is there no mention of this
in the SQL Books online or in the knowledge base.
Shouldn't there be a warning that NTFS permissions should
be changed so that this situation does not happen?
Luis
>-----Original Message-----
>Thanks for the information.
>
>I thought the problem was inside SQL Server. It was a
misunderstanding from
>my side.
>Incase of file permissions , what u are saying is correct
the permission to
>to child directory will be inherited from root directory
incase we are not
>changing.
>
>Regards
>Hari Prasad.
>
>
>"Luis" <hernandez_nj@hotmail.com> wrote in message
>news:a43901c279da$1607b330$2ae2c90a@phx.gbl...
>> Hari
>> Thank you so much. Everyone is NOT under the
>> administrators. I am saying that when you creat a
>> database with the data file located other than the
default
>> directory, the NTFS permissions are inherited from
>> parent. But if you create it under the default location
>> (C:\Program Files\Microsoft SQL
>> Swerver\MSSQL\Data\mydatbase.mdf) the permissions are
>> explicitly asigned to administrator and sqlservice" Try
>> it.
>> Luis
>> >-----Original Message-----
>> >Hi,
>> >
>> >Check the NTFS "Everyone" falls under administrators
>> group. If Everyone
>> >falls under Admin group ultimately he will
get "SYSADMIN
>> role of SQL server"
>> >and he can access all databases.
>> >
>> >Regards
>> >Hari Prasad.K.
>> >MSSQL DBA
>> >US Softwares
>> >Trivandrum
>> >India.
>> >
>> >
>> >"Luis" <hernandez_nJ@hotmail.com> wrote in message
>> >news:8a0a01c27927$866e82b0$2ae2c90a@phx.gbl...
>> >> The default NTFS permissions on the system databases
are
>> >> administrator full control and sqlservice (SERVICE
>> >> ACCOUNT) full control. However, for every new
database
>> >> that I create the permissions are set for everyone -
>> full
>> >> control. WHy is that so? This does not sound right
>> >
>> >
>> >.
>> >
>
>
>.
>

Relevant Pages

  • RE: copy permissions from one user to another?
    ... THIS STORED PROCEDURE GENERATES COMMANDS ... -- ADD USER TO SERVER ... -- CREATE TABLE TO HOLD LIST OF USERS IN CURRENT DATABASE ... -- SET COMMAND TO FIND USER PERMISSIONS HAS IN CURRENT DATABASE ...
    (microsoft.public.sqlserver.security)
  • Re: Effective Permissions Error with Domain User
    ... I set the database compatibility to 2005. ... server profile trace and found that it was calling the Execute As User. ... This leads me to believe it is some sort of permissions issue. ... Did you get these database from SQL Server 2000 by using a RESTORE command? ...
    (microsoft.public.sqlserver.security)
  • Re: How to prevent DELETEs in a table
    ... It is the dbo database USER, not server-level groups, that determins ... It has implicit permissions that can not be denied. ... SQL Server just skips any permission validation for sysadmins. ...
    (microsoft.public.sqlserver.server)
  • Re: Disable Sysadmin to view metadata in SQL2005
    ... you are looking for a DRM solution for your database. ... Server does not provide such a solution. ... SQL Server Engine ... If the permissions are not granular ...
    (microsoft.public.sqlserver.security)
  • Re: Table permissions: No matter what I set all users have full access?
    ... I have created a new Windows user the ... logged on to another PC as that user and can still access the database with ... The new user does not have a login on the server and is ... I even created a login for the user and denied SELECT permissions on various ...
    (microsoft.public.access.adp.sqlserver)