Книга: Windows Server 2012 R2 Storage, Security, & Networking Pocket Consultant
Understanding file and folder permissions
Understanding file and folder permissions
The basic permissions you can assign to files and folders are summarized in Table 4–2. File permissions include Full Control, Modify, Read Execute, Read, and Write. Folder permissions include Full Control, Modify, Read Execute, List Folder Contents, Read, and Write.
TABLE 4–2 File and folder permissions used by Windows Server 2012 R2
PERMISSION | MEANING FOR FOLDERS | MEANING FOR FILES |
---|---|---|
Read | Permits viewing and listing files and subfolders | Permits viewing or accessing a file’s contents |
Write | Permits adding files and subfolders | Permits writing to a file |
Read + Execute | Does not permit viewing the contents of files. You can list file and folder names, but you can’t open files to read, nor can you execute files if that execute requires opening the file (as in a batch or PS1 file). Inherited by files and folders. | Permits viewing and accessing a file’s contents in addition to executing a file |
List Folder Contents | Permits viewing and listing file names and subfolder names in addition to executing files; inherited by folders only | Not applicable |
Modify | Permits reading and writing of files and subfolders; allows deletion of the folder | Permits reading and writing of a file; allows deletion of a file |
Full Control | Permits reading, writing, changing, and deleting files and subfolders | Permits reading, writing, changing, and deleting a file |
Any time you work with file and folder permissions, you should keep the following in mind:
? Read is the only permission needed to run scripts. Execute permission doesn’t matter.
? Read access is required to access a shortcut and its target.
? Giving a user permission to write to a file but not to delete it doesn’t prevent the user from deleting the file’s contents.
? If a user has full control over a folder, the user can delete files in the folder regardless of the permission on the files.
The basic permissions are created by combining special permissions in logical groups. Table 4–3 shows special permissions used to create the basic permissions for files. By using advanced permission settings, you can assign these special permissions individually, if necessary. As you study the special permissions, keep the following in mind:
? By default, if no access is specifically granted or denied, the user is denied access. Further, if a permission has been explicitly denied, the deny will override any permission grant.
? Actions that users can perform are based on the sum of all the permissions assigned to the user and to all the groups of which the user is a member. For example, if the user GeorgeJ has Read access and is a member of the group Techies, which has Change access, GeorgeJ will have Change access. If Techies is a member of Administrators, which has Full Control, GeorgeJ will have complete control over the file. However, if GeorgeJ has been explicitly denied a permission, the deny will override any grant.
TABLE 4–3 Special permissions for files
SPECIAL PERMISSIONS | FULL CONTROL | MODIFY | READ+EXECUTE | READ | WRITE |
---|---|---|---|---|---|
Traverse Folder/Execute File | Yes | Yes | Yes | ||
List Folder/Read Data | Yes | Yes | Yes | Yes | |
Read Attributes | Yes | Yes | Yes | Yes | |
Read Extended Attributes | Yes | Yes | Yes | Yes | |
Create Files/Write Data | Yes | Yes | Yes | ||
Create Folders/Append Data | Yes | Yes | Yes | ||
Write Attributes | Yes | Yes | Yes | ||
Write Extended Attributes | Yes | Yes | Yes | ||
Delete Subfolders And Files | Yes | ||||
Delete | Yes | Yes | |||
Read Permissions | Yes | Yes | Yes | Yes | Yes |
Change Permissions | Yes | ||||
Take Ownership | Yes |
Table 4–4 shows special permissions used to create the basic permissions for folders. As you study the special permissions, keep in mind that when you create files and folders, these files and folders inherit certain permission settings from parent objects. These permission settings are shown as the default permissions.
TABLE 4–4 Special permissions for folders
SPECIAL PERMISSIONS | FULL CONTROL | MODIFY | READ+EXECUTE | LIST FOLDER CONTENTS | READ | WRITE |
---|---|---|---|---|---|---|
Traverse Folder/Execute File | Yes | Yes | Yes | Yes | ||
List Folder/Read Data | Yes | Yes | Yes | Yes | Yes | |
Read Attributes | Yes | Yes | Yes | Yes | Yes | |
Read Extended Attributes | Yes | Yes | Yes | Yes | Yes | |
Create Files/Write Data | Yes | Yes | Yes | |||
Create Folders/Append Data | Yes | Yes | Yes | |||
Write Attributes | Yes | Yes | Yes | |||
Write Extended Attributes | Yes | Yes | Yes | |||
Delete Subfolders And Files | Yes | |||||
Delete | Yes | Yes | ||||
Read Permissions | Yes | Yes | Yes | Yes | Yes | |
Change Permissions | Yes | |||||
Take Ownership | Yes |
- Managing share permissions
- Understanding the various share permissions
- Enforcing Permissions Elsewhere
- File and folder permissions
- Shared Cache file
- Безопасность внешних таблиц. Параметр EXTERNAL FILE DIRECTORY
- Разработка приложений баз данных InterBase на Borland Delphi
- Open Source Insight and Discussion
- Introduction to Microprocessors and Microcontrollers
- Chapter 6. Traversing of tables and chains
- Chapter 8. Saving and restoring large rule-sets
- Chapter 11. Iptables targets and jumps