Re: File permissions

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 02/16/05


Date: Wed, 16 Feb 2005 08:13:18 -0700

The "eventually" is most often an editing of a security
descriptor down within that, upon saving, triggers the
repropagation of inheritables.
However, this eventuality would not have impact
here since the mdb is marked to block inheritance.

-- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Brian Morris" <softcom@tstt.net.tt-nojunk> wrote in message
news:u%23K47a7EFHA.208@TK2MSFTNGP12.phx.gbl...
> Roger,
> Yes you are right, I found that it 1st creates the new file in the
> MyDocuments folder and then moves it to the C:\MyApp folder.  I'll force it
> to work in the C:\MyApp folder and see if that solves the whole problem.
>
> What kind of events trigger "eventually"?
>
> Thanks a lot
> Brian
>
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> news:O5p1yF3EFHA.1524@TK2MSFTNGP09.phx.gbl...
> > Hi Brian
> >
> > It is an OI (two letters) for Object Inherit
> >
> > So the text file is as one would expect, while the mdb
> > is totally different.
> >
> > This looks like the mdb may have first been made in
> > some other location on the same partition, where the
> > permissions of the containing folder are
> >    System Full, Administrators Full, Creator Owner Full
> > and then moved to the MyApp folder
> >
> > Moving a file within a partition takes the permissions
> > along with it.  Now, the file will eventually receive the
> > inheritable permissions of the move-to location if this
> > inheritance is not blocked, but that "eventually" takes a
> > triggering event for it to happen.
> >
> > If moving of the mdb is not involved then it would be
> > something about how Access works (?) so you may
> > want to ask there.
> > Given what you posted there is no way a file simply
> > created in or copied into MyApp should have other than
> > the permissions like those on test.txt
> > -- 
> > Roger Abell
> > Microsoft MVP (Windows  Security)
> > MCSE (W2k3,W2k,Nt4)  MCDBA
> > "Brian Morris" <softcom@tstt.net.tt-nojunk> wrote in message
> > news:%23GGIRnrEFHA.3536@TK2MSFTNGP15.phx.gbl...
> > > Roger,
> > > I understand what you say about the permissions.  My code is not
> > > manipulating the permissions so it should definitely (I think) have to do
> > > with the folder settings
> > >
> > > This is what I got...
> > >
> > > cacls c:\MyApp
> > > everyone:(01)(CI)F
> > > {I had them (my client) do it over the phone so we're not sure if it's a zero
> > > or an O}
> > >
> > > cacls c:\MyApp\test.txt
> > > everyone:F
> > >
> > > cacls c:\MyApp\Temp.mdb
> > > c:\MyApp\Temp.mdb softcom\brian:F
> > >                                   NT authority\system:F
> > >                                   builtin\adimistrators:F
> > >
> > > I hope this tells you something.
> > > Thanks a lot
> > > Brian
> > >
> > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> > > news:O5e0izlEFHA.464@TK2MSFTNGP15.phx.gbl...
> > > > Brian,
> > > > Try starting notepad, typing something and saving into the
> > > > directory.  If the permissions of the new file are not what
> > > > you expect, then post for us the results from running at a
> > > > cmd prompt
> > > > cacls <path of folder>
> > > > and then
> > > > cacls <full file pathname>
> > > > that we might see what is happening.
> > > >
> > > >
> > > > -- 
> > > > Roger Abell
> > > > Microsoft MVP (Windows  Security)
> > > > MCSE (W2k3,W2k,Nt4)  MCDBA
> > > > "Brian Morris" <softcom@tstt.net.tt> wrote in message
> > > > news:enRspyeEFHA.2156@TK2MSFTNGP10.phx.gbl...
> > > > > I can't say it does not happen for other apps because I don't know if other
> > > > > apps do a similar thing, however no other app is giving problems.
> > > > >
> > > > > When you say "This setting is under the control of the application creating
> > > > > the" does this mean that I should in my code be able to set the behaviour?
> > > > > Should this be the case?  I would have thought not since it would mean that
> > > > > I could write an app that would disregard the Windows security (like a virus
> > > > > or something)
> > > > > This is an MS access app and so far I can't find such options for the RENAME
> > > > > filename function.
> > > > >
> > > > > Thanks
> > > > > Brian
> > > > >
> > > > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> > > > > news:OZcjRB9DFHA.4004@tk2msftngp13.phx.gbl...
> > > > > > And this is only happening for new folders/files defined by
> > > > > > that one application?
> > > > > > You said you have correctly diagnosed the problem's cause as
> > > > > > > option on the file for "Inherit from parent the permission entries that
> > > > > > > apply to child objects..." does not get turned on even though in the
> > > > > > This setting is under the control of the application creating the
> > > > > > filesystem object, and, this is the setting that blocks inheritance, so
> > > > > > > on even though in the advanced options for
> > > > > > > both C:\ and C:\MyApp folders have a tick in "Inherit
> > > > > > > from parent the permission entries that apply to child objects.
> > > > > > they are ignored, or rather, blocked.
> > > > > >
> > > > > > -- 
> > > > > > Roger Abell
> > > > > > Microsoft MVP (Windows  Security)
> > > > > > MCSE (W2k3,W2k,Nt4)  MCDBA
> > > > > > "Brian Morris" <softcom@tstt.net.tt> wrote in message
> > > > > > news:uOeeevsDFHA.3452@TK2MSFTNGP09.phx.gbl...
> > > > > > > Hello,
> > > > > > > I need some help with setting the correct permissions on computers in a
> > > > > > > domain.
> > > > > > >
> > > > > > > My problem is that if Administrator user logs in and runs an app that creates
> > > > > > > a file in C:\MyApp, and then Non-Admin user logs in on the same computer and
> > > > > > > tries to access the file that was created the Non-Admin user has no file
> > > > > > > permissions.
> > > > > > >
> > > > > > > I've noticed that after the Admin user logs off, the advanced security
> > > > > > > option on the file for "Inherit from parent the permission entries that
> > > > > > > apply to child objects..." does not get turned on even though in the
> > > > > > > advanced options for both C:\ and C:\MyApp folders have a tick in "Inherit
> > > > > > > from parent the permission entries that apply to child objects. Include
> > > > > > > these with..."
> > > > > > >
> > > > > > > I looked at the permissions on both C:\ and C:\MyApp.
> > > > > > > C:\
> > > > > > > Administrators       - Full Control
> > > > > > > Creator Owner      - Nothing
> > > > > > > EveryOne              - Nothing
> > > > > > > System                  - Full Control
> > > > > > > Users                    - Read & Execute but not Modify not Write
> > > > > > >
> > > > > > > C:\MyApp
> > > > > > > Non-Admin        - Nothing
> > > > > > > Administrators    - Full Control
> > > > > > > Creator Owner   - Nothing
> > > > > > > Domain Users     - everything EXCEPT Full Control
> > > > > > > System                - Full Control
> > > > > > > Domain Users     - everything EXCEPT Full Control
> > > > > > >
> > > > > > > I don't know where else to look for the option that would tell a file to
> > > > > > > inherit permissions from its folder.
> > > > > > >
> > > > > > > Thanks
> > > > > > > Brian
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
>
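
The behaviour discussed in this thread (a file moved within one partition keeps its security descriptor, and a file marked to block inheritance does not pick up the destination folder's inheritable entries), reproduced and then repaired in PowerShell. This is an added example, not code from the thread; the `acl-move-demo` paths, the `Get-AclState` helper and the BUILTIN\Users ACE are assumptions made for the demo, and it needs Windows with an NTFS volume.

```powershell
# Added example. All paths are constructed and sit under one temp directory,
# so the move below stays on a single NTFS volume.
$root = Join-Path $env:TEMP 'acl-move-demo'
Remove-Item -Path $root -Recurse -Force -ErrorAction SilentlyContinue
$src  = Join-Path $root 'Source'   # stands in for the My Documents folder
$dst  = Join-Path $root 'MyApp'    # stands in for C:\MyApp
New-Item -ItemType Directory -Path $src, $dst -Force | Out-Null

# Give the destination an inheritable (OI)(CI) Modify ACE for BUILTIN\Users.
$users = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'
$rule  = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $users, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl = Get-Acl -Path $dst
$acl.AddAccessRule($rule)
Set-Acl -Path $dst -AclObject $acl

# Hypothetical helper: summarise the inheritance state of one file's DACL.
function Get-AclState([string]$Path) {
    $a    = Get-Acl -Path $Path
    $aces = $a.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    [pscustomobject]@{
        File               = Split-Path $Path -Leaf
        InheritanceBlocked = $a.AreAccessRulesProtected
        InheritedAces      = @($aces | Where-Object { $_.IsInherited }).Count
        UsersHasAce        = @($aces | Where-Object { $_.IdentityReference.Value -eq $users.Value }).Count -gt 0
    }
}

# Case 1: file created directly in the destination folder.
$direct = Join-Path $dst 'test.txt'
Set-Content -Path $direct -Value 'demo'

# Case 2: file created elsewhere with inheritance blocked, then moved in.
$moved = Join-Path $src 'Temp.mdb'
Set-Content -Path $moved -Value 'demo'
$facl = Get-Acl -Path $moved
$facl.SetAccessRuleProtection($true, $true)    # block inheritance, keep current ACEs as explicit
Set-Acl -Path $moved -AclObject $facl
Move-Item -Path $moved -Destination $dst       # same-volume move: the descriptor travels with the file
$moved = Join-Path $dst 'Temp.mdb'
Get-AclState $direct
Get-AclState $moved

# Repair: clear the protected flag so the folder's inheritable ACEs apply again.
$facl = Get-Acl -Path $moved
$facl.SetAccessRuleProtection($false, $false)
Set-Acl -Path $moved -AclObject $facl
Get-AclState $moved
```

Comparing the `InheritanceBlocked` and `UsersHasAce` columns across the three rows shows which files a non-admin account in Users can reach before and after the repair.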

