NTFS Write and Modify
Rulkiewicz
Member Posts: 29 ■□□□□□□□□□
If a user has the Write permission, can he write to the save and save it, or does he need the Modify permission?
It seems their similair, except you can delete files when you have the Modify permission.
It seems their similair, except you can delete files when you have the Modify permission.
Comments
-
Mishra Member Posts: 2,468 ■■■■□□□□□□http://www.builderau.com.au/program/windows/soa/Know_the_basics_about_NTFS_permissions/0,339024644,339273478,00.htm
Once again, you really need to try these permission situations for yourself. -
royal Member Posts: 3,352 ■■■■□□□□□□Why aren't you posting this in the other thread you have? Also, why are you not testing this out for yourself? Here's some advice if you truly want to become a good admin, you need to practice, play with this stuff as much as you can, figure out some stuff on your own (you'll learn a lot more from this), and do some research. Researching will allow you to learn other things as well due to having to read various things while finding the answer.
Taken from: http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/c17621675.mspxDefault Permissions
Windows XP Professional offers a very fine degree of security control over access to a wide variety of objects. A local file folder, for example, has 14 available permissions, beginning with Read, Write, Modify, and Delete. Both basic and special permissions are available for files and folders.
Basic File and Folder Permissions
The number and type of permissions that are available for any object depend on the security context of the object. For example, the following permissions are available for folders on NTFS partitions:
•
Read.
Allows a user to see the files and subfolders in a folder and view folder attributes, ownership, and permissions.
•
Write.
Allows a user to create new files and subfolders with the folder, change folder attributes, and view folder ownership and permissions.
•
List Folder Contents.
Allows a user to see the names of files and subfolders in the folder.
•
Read & Execute.
Gives a user the rights assigned through the Read permission and the List Folder Contents permission. It also gives the user the ability to traverse folders. Traverse folders rights allow a user to reach files and folders located in subdirectories even if the user does not have permission to access portions of the directory path.
•
Modify.
Gives a user the ability to delete the folder and perform the actions permitted by the Write and Read & Execute permissions.
•
Full Control.
Allows a user to change permissions, take ownership, delete subfolders and files, and perform the actions granted by all other permissions.
The following basic permissions apply to files on NTFS partitions:
•
Read.
Allows a user to read a file and view file attributes, ownership, and permissions.
•
Write.
Allows a user to overwrite a file, change file attributes, and view file ownership and permissions.
•
Read & Execute.
Gives a user the rights required to run applications and perform the actions permitted by the Read permission.
•
Modify.
Gives a user the ability to modify and delete a file and perform the actions permitted by the Write and Read & Execute permissions.
•
Full Control.
Allows a user to change permissions, take ownership, and perform the actions granted by all other permissions.
Note Share permissions for NTFS volumes work in combination with file and directory permissions. By default, in Windows 2000 the permissions for a new share on an NTFS partition allow Everyone Full Control. In Windows XP, the default permissions for a new share have been tightened to Everyone Read for added security.
Advanced File and Folder Permissions
A number of more detailed permissions are available when you click the Advanced button on the Properties page; select a user, group, or security principal; and then click Edit. These permissions include:
•
Traverse Folder/Execute File.
Allows or denies moving through folders to reach other files or folders even if the user has no permissions to the folders being traversed. (The permission applies only to folders.) Traverse Folder takes effect when a group or user is not granted the Bypass Traverse Checking user right in the Group Policy snap-in. (By default, the Everyone group is given the Bypass Traverse Checking user right.) The Execute File permission allows or denies running program files. (The permission applies only to files.)
Note Setting the Traverse Folder permission on a folder does not automatically set the Execute File permission on all files within that folder.
•
List Folder/Read Data.
Allows or denies viewing filenames and subfolder names within the folder. (The permission applies only to folders.) The Read Data permission allows or denies viewing data in files. (The permission applies only to files.)
•
Read Attributes.
Allows or denies viewing the attributes of a file or folder (for example, the read-only and hidden attributes). Attributes are defined by NTFS.
•
Read Extended Attributes.
Allows or denies viewing the extended attributes of a file or folder. Extended attributes are defined by programs and can vary by program.
•
Create Files/Write Data.
Allows or denies creating files within the folder. (The permission applies only to folders.) Also, the Write Data permission allows or denies making changes to the file and overwriting existing content. (The permission applies only to files.)
•
Create Folders/Append Data.
Allows or denies creating folders within the folder. (The permission applies only to folders.) The Append Data permission allows or denies making changes to the end of the file but not changing, deleting, or overwriting existing data. (The permission applies only to files.)
•
Write Attributes.
Allows or denies changing the attributes of a file or folder.
•
Write Extended Attributes.
Allows or denies changing the extended attributes of a file or folder. Extended attributes are defined by programs and might vary by program.
•
Delete Subfolders and Files.
Allows or denies deleting subfolders and files, even if the Delete permission has not been granted on the subfolder or file.
•
Delete.
Allows or denies deleting the file or folder. If you don’t have Delete permission on a file or folder, you can still delete it if you have been granted Delete Subfolders and Files permission on the parent folder.
•
Read Permissions.
Allows or denies reading permissions of a file or folder, such as Full Control, Read, and Write.
•
Change Permissions.
Allows or denies changing permissions on the file or folder, such as Full Control, Read, and Write.
•
Take Ownership.
Allows or denies taking ownership of a file or folder. The owner of a file or folder can always change permissions on it, regardless of any existing permissions that protect the file or folder.“For success, attitude is equally as important as ability.” - Harry F. Banks