Re: File permissons
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 02/19/05
- Next message: Steven L Umbach: "Re: Possible Security Leak"
- Previous message: Steven L Umbach: "Re: Exchange OWA 2003 Trusted Root Certificate"
- In reply to: Brian Morris: "Re: File permissons"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 18 Feb 2005 18:27:46 -0700
"Brian Morris" <softcom@tstt.net.tt-nojunk> wrote in message
news:%23Y3qMzTFFHA.2156@TK2MSFTNGP10.phx.gbl...
> Roger,
> We tested it today and it seems to work just fine now. Problem solved
(for
> good I hope).
> Thanks a lot
> Brian
>
That is good to hear.
Later,
--
Roger
> "Brian Morris" <softcom@tstt.net.tt-nojunk> wrote in message
> news:u%23K47a7EFHA.208@TK2MSFTNGP12.phx.gbl...
> > Roger,
> > Yes you are right, I found that it 1st creates the new file in the
> > MyDocuments folder and then moves it to the C:\MyApp folder. I'll force
> it
> > to work in the C:\MyApp folder and see if that solves the whole problem.
> >
> > What kind of events trigger "eventually"?
> >
> > Thanks a lot
> > Brian
> >
> > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> > news:O5p1yF3EFHA.1524@TK2MSFTNGP09.phx.gbl...
> > > Hi Brian
> > >
> > > It is an OI (two letters) for Object Inherit
> > >
> > > So the text file is as one would expect, while the mdb
> > > is totally different.
> > >
> > > This looks like the mdb may have first been made in
> > > some other location on the same partition, where the
> > > permissions of the containing folder are
> > > System Full, Administrators Full, Creator Owner Full
> > > and then moved to the MyApp folder
> > >
> > > Moving a file within a partition takes the permissions
> > > along with it. Now, the file will eventually receive the
> > > inhertable permissions of the move-to location if this
> > > inheritance is not blocked, but that "eventually" takes a
> > > triggering event for it to happen.
> > >
> > > If moving of the mdb is not involved then it would be
> > > something about how Access works (?) so you may
> > > want to ask there.
> > > Given what you posted there is no way a file simply
> > > created in or copied into MyApp should have other than
> > > the permissions like those on test.txt
> > > --
> > > Roger Abell
> > > Microsoft MVP (Windows Security)
> > > MCSE (W2k3,W2k,Nt4) MCDBA
> > > "Brian Morris" <softcom@tstt.net.tt-nojunk> wrote in message
> > > news:%23GGIRnrEFHA.3536@TK2MSFTNGP15.phx.gbl...
> > > > Roger,
> > > > I understand what you say about the permissions. My code is not
> > > > manipulating the permissions so it should definitely (I think) have
to
> > do
> > > > with the folder settings
> > > >
> > > > This is what I got...
> > > >
> > > > cacls c:\MyApp
> > > > everyone:(01)(CI)F
> > > > {I had them (my client) do it over the phone so we're not sure if
its
> a
> > > zero
> > > > or an O}
> > > >
> > > > cacls c:\MyApp\test.txt
> > > > everyone:F
> > > >
> > > > cacls c:\MyApp\Temp.mdb
> > > > c:\MyApp\Temp.mdb softcom\brian:F
> > > > NT authority\system:F
> > > > builtin\adimistrators:F
> > > >
> > > > I hope this tells you something.
> > > > Thanks a lot
> > > > Brian
> > > >
> > > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> > > > news:O5e0izlEFHA.464@TK2MSFTNGP15.phx.gbl...
> > > > > Brian,
> > > > > Try starting notepad, typing something and saving into the
> > > > > directory. If the permissions of the new file are not what
> > > > > you expect, then post for us the results from running at a
> > > > > cmd prompt
> > > > > cacls <path of folder>
> > > > > and then
> > > > > cacls <full file pathname>
> > > > > that we might see what is happening.
> > > > >
> > > > >
> > > > > --
> > > > > Roger Abell
> > > > > Microsoft MVP (Windows Security)
> > > > > MCSE (W2k3,W2k,Nt4) MCDBA
> > > > > "Brian Morris" <softcom@tstt.net.tt> wrote in message
> > > > > news:enRspyeEFHA.2156@TK2MSFTNGP10.phx.gbl...
> > > > > > I can't say it does not happen for other apps because I don't
know
> > if
> > > > > other
> > > > > > apps do a similar thing, however no other app is giving
problems.
> > > > > >
> > > > > > When you say "This setting is under the control of the
application
> > > > > creating
> > > > > > the" does this mean that I should in my code be able to set the
> > > > behaviour?
> > > > > > Should this be the case? I would have thought not since it
would
> > mean
> > > > > that
> > > > > > I could write an app that would disregard the Windows security
> (like
> > a
> > > > > virus
> > > > > > or something)
> > > > > > This is an MS access app and so far I can't find such options
for
> > the
> > > > > RENAME
> > > > > > filename function.
> > > > > >
> > > > > > Thanks
> > > > > > Brian
> > > > > >
> > > > > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> > > > > > news:OZcjRB9DFHA.4004@tk2msftngp13.phx.gbl...
> > > > > > > And this is only happening for new folders/files defined by
> > > > > > > that one application?
> > > > > > > You said you have correctly diagnosed the problem's cause as
> > > > > > > > option on the file for "Inherit from parent the permission
> > entries
> > > > > that
> > > > > > > > apply to child objects..." does not get turned on even
though
> in
> > > the
> > > > > > > This setting is under the control of the application creating
> the
> > > > > > > filesystem object, and, this is the settings that blocks
> > > inheritance,
> > > > so
> > > > > > > > on even though in the advanced options for
> > > > > > > > both C:\ and C:\MyApp folders have a tick in "Inherit
> > > > > > > > from parent the permission entries that apply to child
> objects.
> > > > > > > they are ignored, or rather, blocked.
> > > > > > >
> > > > > > > --
> > > > > > > Roger Abell
> > > > > > > Microsoft MVP (Windows Security)
> > > > > > > MCSE (W2k3,W2k,Nt4) MCDBA
> > > > > > > "Brian Morris" <softcom@tstt.net.tt> wrote in message
> > > > > > > news:uOeeevsDFHA.3452@TK2MSFTNGP09.phx.gbl...
> > > > > > > > Hello,
> > > > > > > > I need some help with setting the correct permissions on
> > computers
> > > > in
> > > > > a
> > > > > > > > domain.
> > > > > > > >
> > > > > > > > My problem is the if Administrator user logs in and runs an
> app
> > > that
> > > > > > > creates
> > > > > > > > a file in C:\MyApp, and then Non-Admin user logs in on the
> same
> > > > > computer
> > > > > > > and
> > > > > > > > tries to access the file that was created the Non-Admin user
> has
> > > no
> > > > > file
> > > > > > > > permissions.
> > > > > > > >
> > > > > > > > I've noticed that after the Admin user logs off, the
advanced
> > > > security
> > > > > > > > option on the file for "Inherit from parent the permission
> > entries
> > > > > that
> > > > > > > > apply to child objects..." does not get turned on even
though
> in
> > > the
> > > > > > > > advanced options for both C:\ and C:\MyApp folders have a
tick
> > in
> > > > > > "Inherit
> > > > > > > > from parent the permission entries that apply to child
> objects.
> > > > > Include
> > > > > > > > these with..."
> > > > > > > >
> > > > > > > > I looked at the permissons on both C:\ and C:\MyApp.
> > > > > > > > C:\
> > > > > > > > Administrators - Full Control
> > > > > > > > Creator Owner - Nothing
> > > > > > > > EveryOne - Nothing
> > > > > > > > System - Full Control
> > > > > > > > Users - Read & Execute but not Modify not
> > Write
> > > > > > > >
> > > > > > > > C:\MyApp
> > > > > > > > Non-Admin - Nothing
> > > > > > > > Administrators - Full Control
> > > > > > > > Creator Owner - Nothing
> > > > > > > > Domain Users - everything EXCEPT Full Control
> > > > > > > > System - Full Control
> > > > > > > > Domain Users - everything EXCEPT Full Control
> > > > > > > >
> > > > > > > > I don't know where else to look for the option that would
tell
> a
> > > > file
> > > > > to
> > > > > > > > inherit permissions from its folder.
> > > > > > > >
> > > > > > > > Thanks
> > > > > > > > Brian
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
> >
>
>
- Next message: Steven L Umbach: "Re: Possible Security Leak"
- Previous message: Steven L Umbach: "Re: Exchange OWA 2003 Trusted Root Certificate"
- In reply to: Brian Morris: "Re: File permissons"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
Loading
