PToN
Premium
join:2001-10-04
Houston, TX

[2K3] NTFS permissions...

Hello,

There is this one folder that I need to be able to add/create/append/modify/rename/move without ever deleting anything.

Basically, users will store files from various scanners in FOLDER1, which has several other folders. The scanned files will have a generic name the scanner assigns; once scanned, the user will have to rename the file and place it in a specific folder.

I have gone into the advanced security properties for the folder, and denying delete and delete folders and files doesn't allow you to rename or move anything.

Can this be done or do I need to change my strategy to accommodate the way the permissions work?

Thanks.


Kilroy
Premium,MVM
join:2002-11-21
Saint Paul, MN
You're going to have to change your strategy. Some of the other functions you want actually include a delete. I don't know about the rename, but a move is a copy and then delete.

My experience is to not get too fancy with permissions. If you can't handle it with Read, Write, and Create then see if there is another way to handle it.

In your case I'd recommend part user training and part a different way of doing things.

1. Scan folder gets cleaned on an X day basis, files older than X days will be deleted, X should be a week or less. This prevents people from using the scan folder as a storage area.

2. All files must be moved to a different location before X days, see above.

3. Putting the specific folders in the Scan folder is just asking for problems. Best to have another folder to hold these. For example your scans might go into the Scan folder and the users need to move the scans to the Storage folder.

How often you actually clean out the scan folder is up to you, but when you do if you stick to deleting all files older than X days the users don't have a right to complain.
--
“Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something.” - Robert A. Heinlein
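The age-based cleanup from steps 1 and 2 above, sketched in PowerShell as an added example (not code from any poster in this thread). The function name `Remove-StaleScan` and the path `D:\Scan` are hypothetical, and it assumes the job runs under an account that holds delete rights on the scan folder.

```powershell
# Added example: delete scan files older than X days, where X is capped at
# one week as the post recommends. Folders are left in place.
function Remove-StaleScan {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$ScanFolder,   # hypothetical path
        [ValidateRange(1, 7)][int]$MaxAgeDays = 7             # "a week or less"
    )

    if (-not (Test-Path -LiteralPath $ScanFolder -PathType Container)) {
        throw "Scan folder not found: $ScanFolder"
    }

    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)

    Get-ChildItem -LiteralPath $ScanFolder -Recurse -Force |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -lt $cutoff } |
        ForEach-Object {
            # ShouldProcess makes -WhatIf and -Confirm work, so the job can be
            # dry-run before it is scheduled.
            if ($PSCmdlet.ShouldProcess($_.FullName, "delete stale scan")) {
                Remove-Item -LiteralPath $_.FullName -Force
                # Emit a record of what was removed for the job log.
                New-Object PSObject -Property @{
                    Path      = $_.FullName
                    LastWrite = $_.LastWriteTime
                    Removed   = Get-Date
                }
            }
        }
}

# Dry run first: lists what would be deleted without touching anything.
Remove-StaleScan -ScanFolder 'D:\Scan' -MaxAgeDays 7 -WhatIf
```

Drop `-WhatIf` once the dry-run output looks right, and redirect the emitted records to a log so a disputed deletion can be checked against the file's last-write time.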

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS

1 edit
reply to PToN
Rename requires delete access. You can't get round that.

Supporting evidence: this link is to [MS-FSA], which is a technical document describing certain file system algorithms to third-party developers. Observe the very first step is to check for DELETE access being granted.
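A way to observe this on a scratch folder, as an added example that is not part of the original post: it applies the same two Deny entries the original poster tried to a temporary folder and reports which operations are then refused. The folder and file names are constructed for the demo, and it assumes the current user owns the folder it creates under `%TEMP%`.

```powershell
# Added example. Everything happens in a constructed scratch folder under TEMP.
$root = Join-Path $env:TEMP ("ntfs-rename-demo-" + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $root | Out-Null
$file = Join-Path $root 'scan0001.tif'
Set-Content -Path $file -Value 'constructed sample'

# Deny "Delete" and "Delete Subfolders and Files" for the current user,
# inherited by everything below the folder.
$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$rights  = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$deny = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $me, $rights, $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Deny)

$acl = Get-Acl -Path $root
$acl.AddAccessRule($deny)
Set-Acl -Path $root -AclObject $acl

# Run one operation and report whether the file system allowed it.
function Test-Operation {
    param([string]$Name, [scriptblock]$Action)
    try   { & $Action | Out-Null; "{0,-7} allowed" -f $Name }
    catch { "{0,-7} refused: {1}" -f $Name, $_.Exception.Message }
}

Test-Operation 'create' { Set-Content (Join-Path $root 'new.txt') 'x' -ErrorAction Stop }
Test-Operation 'append' { Add-Content $file 'more' -ErrorAction Stop }
Test-Operation 'rename' { Rename-Item $file 'invoice.tif' -ErrorAction Stop }
Test-Operation 'delete' { Remove-Item $file -ErrorAction Stop }

# Clean up: the Deny entry has to come off before the folder can be removed.
$acl = Get-Acl -Path $root
[void]$acl.RemoveAccessRule($deny)
Set-Acl -Path $root -AclObject $acl
Remove-Item $root -Recurse -Force
```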


PToN
Premium
join:2001-10-04
Houston, TX
reply to PToN
Thanks. That's what I was suspecting.


psafux
Premium,VIP
join:2005-11-10
kudos:2
reply to PToN
Give them full permissions (which is basically what you want) and keep the folder backed up. All data that is user-facing should be backed up routinely... Users -will- find a way to screw it up.


workablob

join:2004-06-09
Houston, TX
kudos:4
Reviews:
·Comcast
said by psafux:

Give them full permissions (which is basically what you want) and keep the folder backed up. All data that is user-facing should be backed up routinely... Users -will- find a way to screw it up.

I would not recommend setting it to full since they would be able to change permissions which is typically undesirable.

Dave
--
I may have been born yesterday. But it wasn't at night.

HarryH3
Premium
join:2005-02-21
kudos:3
reply to PToN
Microsoft sorta missed the mark when creating NTFS file permissions. Back in the day when Novell was king of the server world they had many more options available for assigning user rights, one of which was erase. You could assign Read, Write, Modify, but not assign Erase and accomplish what you are trying to accomplish. You can see the full list about one page down here: »support.novell.com/techcenter/ar ··· 101.html It just always seemed to make more sense...


Kilroy
Premium,MVM
join:2002-11-21
Saint Paul, MN
HarryH3, let's not go into how much better Novell was for user and file management over Windows. If only they had better marketing back in the 4.xx days.

My favorite difference is that in Novell when you cut off network access it is immediate, for Microsoft you've got your access until you log off.
--
“Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something.” - Robert A. Heinlein

HarryH3
Premium
join:2005-02-21
kudos:3
MS killed Novell the same way they killed Netscape, by giving stuff away until everyone was hooked and Novell was no longer a major player. (Though I don't miss doing client updates with Novell. That stuff was a major PITA back in the 3.x and 4.x days.)

I haven't even seen a Novell implementation since '95 or so. But I still recall (and often miss) the excellent granularity of control that it offered!

But MS doesn't have a tactic to overcome the mostly Free status of all those Linux servers out there today.

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS
reply to Kilroy
said by Kilroy:

My favorite difference is that in Novell when you cut off network access it is immediate, for Microsoft you've got your access until you log off.

That's part of the general pattern which says that access is granted when an object is opened, the access rights attach to the open handle, and subsequent changes to permissions don't affect the open handle.

I like it because it is consistent and therefore predictable.


Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
reply to PToN
Would this help?

»www.sevenforums.com/tutorials/19 ··· cut.html

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS
I wouldn't have thought so. Recall, he doesn't want to give people delete access. That program requires either that the files/folders grant 'write owner' access (more powerful than delete access) or the users have 'take owner' privilege (which basically lets 'em take over anything).