Re: NTFS woes
- From: "Rik G." <q@xxxx>
- Date: Wed, 23 Jan 2008 16:15:18 +0100
The context is like this: folder with Share permissions set to Full Control
for Everyone. In that folder the user's folder with NTFS permissions set to
Full Control for that user. In the user's folder one file that I don't want
him to be able to delete. (like a "sticky" in a bulletin board)
Only when I uncheck Delete Subfolders and Files is the user not able to
delete the file. But then he is no longer able to delete other files he
creates...
To me it sounds totally illogical that the explicit Deny on that one file
does not overrule the Delete Subfolders and Files permission, or even the
Full Control permission, in the parent folder.
So I suppose preventing one file from being deleted, regardless of other
permissions, cannot be done?
R.
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:eDlxQDXXIHA.4272@xxxxxxxxxxxxxxxxxxxxxxx
Deny does not always overrule a grant.
An explicit deny overrules and explicit or inherited grant.
However, an inherited deny does not overrule an explicit
grant and it may or may not overrule an inherited grant (it
depends on the full context of inheritance).
That said, are you setting the full control on the folder and
the deny on the file? If so, what you may have going on
here is the "hidden delete" grant that is part of a grant of
Full on a folder. This "hidden delete" is part of requirements
for Posix compliance and is something of a pain. It imparts
ability to delete anything in the folder even though there is
no permissions on those things to delete them.
Consider granting on the folder Modify plus permission to
change permissions (which then would be Full minus the
permission to take ownership and minus the "hidden delete")
Roger
"Rik G." <q@xxxx> wrote in message
news:479694f1$0$31874$bf4948fe@xxxxxxxxxxxxxxxx
I've given a user full control over a folder, its sub folders and files.
I want to prevent the user from deleting one particular file in that
folder. He should only be able to read it.
When I create an explicit Deny Delete permission for that file, the user
can
still delete the file. I thought that Deny permissions always took
precedence over Allow permissions?
What's going on? Can this be done with NTFS at all?
Regards
R.
.
- References:
- NTFS woes
- From: Rik G.
- Re: NTFS woes
- From: Roger Abell [MVP]
- NTFS woes
- Prev by Date: Re: NTFS woes
- Next by Date: Re: NTFS woes
- Previous by thread: Re: NTFS woes
- Next by thread: Re: NTFS woes
- Index(es):
Relevant Pages
|
