
PToN
Premium Member
join:2001-10-04
Houston, TX

[2K3] NTFS permissions...

Hello,

There is this one folder that I need to be able to add/create/append/modify/rename/move without ever deleting anything.

Basically, users will store files from various scanners into a FOLDER1, which has several other folders. The scanned files will have a generic name the scanner assigns; once scanned, the user will have to rename it and place it in a specific folder.

I have gone into the advanced security properties for the folder, and denying delete and delete folders and files doesn't allow you to rename or move anything.

Can this be done or do I need to change my strategy to accommodate the way the permissions work?

Thanks.

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

You're going to have to change your strategy. Some of the other functions you want actually include a delete. I don't know about the rename, but a move is a copy and then delete.

My experience is to not get too fancy with permissions. If you can't handle it with Read, Write, and Create then see if there is another way to handle it.

In your case I'd recommend part user training and part a different way of doing things.

1. Scan folder gets cleaned on an X day basis, files older than X days will be deleted, X should be a week or less. This prevents people from using the scan folder as a storage area.

2. All files must be moved to a different location before X days, see above.

3. Putting the specific folders in the Scan folder is just asking for problems. Best to have another folder to hold these. For example your scans might go into the Scan folder and the users need to move the scans to the Storage folder.

How often you actually clean out the scan folder is up to you, but when you do if you stick to deleting all files older than X days the users don't have a right to complain.
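
The age-based cleanup described in the post above, as an added example that is not part of the original post. The folder path, the 7-day value for X and the `-Delete` switch are assumptions; without the switch the script only reports what it would remove.

```powershell
# Added example: age-based cleanup of the scan drop folder.
# $ScanFolder and $MaxAgeDays are assumed values, not taken from the thread.
param(
    [string]$ScanFolder = 'D:\Scans',   # hypothetical path
    [int]$MaxAgeDays    = 7,            # "X" in the post: a week or less
    [switch]$Delete                     # omit for a report-only dry run
)

$cutoff = (Get-Date).AddDays(-$MaxAgeDays)

# Select files only, so the folder itself and any subfolders are left alone.
# Renaming a file does not change LastWriteTime, so renamed scans still age out.
$stale = Get-ChildItem -Path $ScanFolder -Recurse |
    Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -lt $cutoff }

foreach ($file in $stale) {
    $stamp = $file.LastWriteTime.ToString('yyyy-MM-dd')
    if (-not $Delete) {
        Write-Output "would delete  $($file.FullName)  (last written $stamp)"
        continue
    }
    try {
        # -ErrorAction Stop turns a locked or protected file into a catchable error.
        Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
        Write-Output "deleted       $($file.FullName)  (last written $stamp)"
    }
    catch {
        # A scanner may still hold the file open; report it and move on.
        Write-Warning "skipped       $($file.FullName): $($_.Exception.Message)"
    }
}
```

Run it as a scheduled task under an account that holds delete rights on the scan folder, and keep the output as a record of what was removed.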
dave
Premium Member
join:2000-05-04
not in ohio

dave to PToN

Rename requires delete access. You can't get round that.

Supporting evidence: this link is to [MS-FSA], which is a technical document describing certain file system algorithms to third-party developers. Observe the very first step is to check for DELETE access being granted.

PToN
Premium Member
join:2001-10-04
Houston, TX

Thanks. That's what I was suspecting.

psafux
Premium Member
join:2005-11-10

psafux to PToN

Give them full permissions (which is basically what you want) and keep the folder backed up. All data that is user-facing should be backed up routinely... Users -will- find a way to screw it up.

workablob
join:2004-06-09
Houston, TX

workablob

Member

said by psafux:

Give them full permissions (which is basically what you want) and keep the folder backed up. All data that is user-facing should be backed up routinely... Users -will- find a way to screw it up.

I would not recommend setting it to full since they would be able to change permissions which is typically undesirable.

Dave
HarryH3
Premium Member
join:2005-02-21

HarryH3 to PToN

Microsoft sorta missed the mark when creating NTFS file permissions. Back in the day when Novell was king of the server world they had many more options available for assigning user rights, one of which was erase. You could assign Read, Write, Modify, but not assign Erase and accomplish what you are trying to accomplish. You can see the full list about one page down here: »support.novell.com/techc ··· 101.html It just always seemed to make more sense...

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

HarryH3, let's not go into how much better Novell was for user and file management over Windows. If only they had better marketing back in the 4.xx days.

My favorite difference is that in Novell when you cut off network access it is immediate, for Microsoft you've got your access until you log off.
HarryH3
Premium Member
join:2005-02-21

MS killed Novell the same way they killed Netscape, by giving stuff away until everyone was hooked and Novell was no longer a major player. (Though I don't miss doing client updates with Novell. That stuff was a major PITA back in the 3.x and 4.x days.)

I haven't even seen a Novell implementation since '95 or so. But I still recall (and often miss) the excellent granularity of control that it offered!

But MS doesn't have a tactic to overcome the mostly Free status of all those Linux servers out there today.
dave
Premium Member
join:2000-05-04
not in ohio

dave to Kilroy

said by Kilroy:

My favorite difference is that in Novell when you cut off network access it is immediate, for Microsoft you've got your access until you log off.

That's part of the general pattern which says that access is granted when an object is opened, the access rights attach to the open handle, and subsequent changes to permissions don't affect the open handle.

I like it because it is consistent and therefore predictable.

Cartel
Intel inside Your sensitive data outside
Premium Member
join:2006-09-13
Chilliwack, BC

Cartel to PToN

Would this help?

»www.sevenforums.com/tuto ··· cut.html
dave
Premium Member
join:2000-05-04
not in ohio

I wouldn't have thought so. Recall, he doesn't want to give people delete access. That program requires either that the files/folders grant 'write owner' access (more powerful than delete access) or the users have 'take owner' privilege (which basically lets 'em take over anything).
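
An audit of the rights this thread turns on, as an added example that is not part of any post: it lists every ACE on a folder that carries delete, delete-children, change-permissions or take-ownership rights, whether allowed or denied. The folder path is a hypothetical value.

```powershell
# Added example: report ACEs on a folder that carry the rights discussed in the thread.
# 'D:\Scans' is a hypothetical path.
param([string]$Path = 'D:\Scans')

$fsr = [System.Security.AccessControl.FileSystemRights]

# Rights of interest: the two delete rights the original poster denied, plus the
# two rights that Full Control adds on top of Modify.
$rightsOfInterest = @(
    @{ Name = 'Delete';                       Mask = [int]($fsr::Delete) },
    @{ Name = 'DeleteSubdirectoriesAndFiles'; Mask = [int]($fsr::DeleteSubdirectoriesAndFiles) },
    @{ Name = 'ChangePermissions';            Mask = [int]($fsr::ChangePermissions) },
    @{ Name = 'TakeOwnership';                Mask = [int]($fsr::TakeOwnership) },
    # Some ACEs (for example on CREATOR OWNER) store the generic bit instead
    # of the specific file rights; GENERIC_ALL covers everything above.
    @{ Name = 'GENERIC_ALL';                  Mask = 0x10000000 }
)

$acl = Get-Acl -Path $Path

$report = foreach ($ace in $acl.Access) {
    $mask = [int]$ace.FileSystemRights
    $held = @($rightsOfInterest |
        Where-Object { ($mask -band $_.Mask) -ne 0 } |
        ForEach-Object { $_.Name })

    if ($held.Count -gt 0) {
        New-Object PSObject -Property @{
            Identity  = $ace.IdentityReference.Value
            Type      = $ace.AccessControlType      # Allow or Deny
            Inherited = $ace.IsInherited
            Rights    = ($held -join ', ')
        }
    }
}

"Owner: $($acl.Owner)"
$report | Select-Object Identity, Type, Inherited, Rights | Format-Table -AutoSize
```

A Deny row for a delete right on the users' group corresponds to the configuration in the first post, where rename and move stopped working. An Allow row showing ChangePermissions or TakeOwnership for ordinary users is the Full Control concern raised above.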