Re: ACLs - Users with READ can MOVE a whole folder?

Hi Roger,

Yes, it looks like the problem is related to users having full control
instead of modify only. In general, all our shares are set up for modify
only, but this one was left over from years ago and I never got round to
changing it!

Thanks for solving it.

--
Gerry Hickman - (London UK)

"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:eaMaUHMfHHA.5044@xxxxxxxxxxxxxxxxxxxxxxx
You are probably seeing an effect from the so-called "hidden child delete"
that is part of a full control grant as is a requirement for Posix
compliance.
Consider providing the Users group with Modify on U: or Modify and also
Change Permissions and Take Ownership if you do really want them to
have that. IIRC there is a discussion in the resource kit on the child
delete
included in full control.

"Gerry Hickman" <gerry666uk@xxxxxxxxxxxxxxxx> wrote in message
news:%23HVARgEfHHA.4136@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I have a mapped drive as follows

U:\ (users full)
Shared Docs (users full)
Computer Docs (users Read and Execute)
Other Docs (users full)

In general it works as expected, ordinary users can't put docs into the
"Computer Docs" folder, nor delete them. If they try to move a
sub-folder
of
"Computer Docs" they get "Access Denied", BUT

If they drag and drop the WHOLE of "Computer Docs" into "Shared Docs",
it
lets them do it! No questions! I don't understand this because even
though
they're allowed to COPY the whole folder, I don't see how they can
delete
it
after. It's as if MOVE by dragging and dropping is not seen as requiring
a
DELETE operation to complete??

Thanks for any help. This test was done with Win2k clients and servers,
not
sure if the o/s makes any difference.

--
Gerry Hickman - (London UK)






.

Relevant Pages

  • Re: MS Project Backend?
    ... Personally to me the best way to have corrupted data is to modify Project's ... data without any control, i.e. without opening Project. ...
    (microsoft.public.project)
  • Re: Need a lead for layout change in mde, if possible - Thanks
    ... The main intention is to somewhat give the user an option to modify the ... Then the report should print using this new location. ... > operations and those are not available for reports in an MDE. ... the coordinates of each control on the report would be based ...
    (microsoft.public.access.reports)
  • Re: Source Control
    ... Most of us do not modify the Public folders, so we don't run into that ... As far as version control goes, ... files and .dll's) how do you handle Microsoft updates, ...
    (microsoft.public.windowsce.platbuilder)
  • Re: version/source control in datawarehouse project
    ... SSAS ans SSRS files under a source control system like visual source safe very easily. ... you can use configuration files to store your database connections. ... each folder will contains SQL scripts which modify the database and each developer as to apply the patches on his own environment. ... There is no server or desktop in our company. ...
    (microsoft.public.sqlserver.datawarehouse)
  • Re: How to hide directories?
    ... I don't like to give anyone but system/admins full control - for all users, ... modify is quite enough. ... > I have just started an SBS server. ... I moved the folder where users home direktory are ...
    (microsoft.public.windows.server.sbs)