Folder and file permissions question

Walk me through this question;

You are configuring share permissions for a shared folder on a file server. You want all Authenticated users to be able to save files to the folder, read all files in the folder, and modify or delete files that they own.

What are the correct security and share permissions that you need to set on the shared forlder to achieve your objective? (choose all that apply)

A. Authenticated Users-Full Control
B. Authenticated Users-Change
C. Authenticated Users-Read
D. Creator /Owner-Full Control
E. Creator/Owner-Change
F. Creator/Owner-Read

Its easy to get that Creator Owner needs the change permission, but according to the training kit (where this question is from), Authenticated users only needs the Read permission. And thats what I do not get, because how can they create files in the folder, with only the read permission? Is there something I'm missing. Of course giving them the change permission would give them more permission than required, but how can they create files, with only the read permission?

Thanks in advance for any feedback.

Find more posts tagged with

Comments

dynamik

I believe that they will be considered a member of the Creator/Owner group when they attempt to write (create) a file, so they will also have the change permission under that circumstance. This will allow them to create new files but not write to anyone else's.

Dracula28

Interesting (The members of the creator/owner group are anyone who creates a file or subfolder in a folder, right?).

But it doesn't seem logic though, because the authenticated users have not specifically been given the permission to write files to the folder. Does it mean that when creator owner is given change permission in a folder's ACL, all users can write files to that folder, and thus become creator owner of that created file/folder, without really having permissions to write to the parent folder?

I'm still confused.

Btw, hope I made sense in that paragraph.

rjbarlow

Authenticated users cannot create a folder if they don't have at least the Change sharing permission and Modify NTFS permission. Just tried.
Bad answer for me.

dynamik

I'm sorry. I wasn't in a place where I could test it, and I was just trying to get some discussion started as to how those answers would work.

It looks like this is an error in the text and was corrected in the errata.

Page 16-8: Incorrect answer to question 2
On page 16-8, the answer given for question 2 is incorrect.

Change:
"Correct Answers: C and E
A. Incorrect: Giving Authenticated Users--Full Control permission will allow modification or deletion of any files in the folder, which gives more permission than required.
B. Incorrect: Giving Authenticated Users--Change permission will allow modification of any files in the folder, which gives more permission that required.
C. Correct: Giving Authenticated Users--Read permission will allow reading of any files in the folder, which fulfills the requirement.
D. Incorrect: Giving permissions for Creator/Owner–Full Control will allow users to modify or delete their own files, but would also allow them to change permissions on the files. With the ability to change permissions, the Creator/Owner could set permissions that allow other users to modify or delete files.
E. Correct: Giving permissions for Creator/Owner–Change will allow users who create the file to modify or delete it, which satisfies the requirements.
F. Incorrect: Giving permissions for Creator/Owner–Read will not allow users to create or modify any files in the folder, which does not satisfy the requirements."

To:
"Correct Answers: B and E
A. Incorrect: Giving Authenticated Users--Full Control permission will allow modification or deletion of any files in the folder, which gives more permission than required.
B. Correct: Giving Authenticated Users--Change permission will allow users to save files to the folder.
C. Incorrect: Giving Authenticated Users--Read permission will allow reading of any files in the folder, but will not allow users to save files to the folder.
D. Incorrect: Giving permissions for Creator/Owner–Full Control will allow users to modify or delete their own files, but would also allow them to change permissions on the files. With the ability to change permissions, the Creator/Owner could set permissions that allow other users to modify or delete files.
E. Correct: Giving permissions for Creator/Owner–Change will allow users who create the file to modify or delete it, which satisfies the requirements.
F. Incorrect: Giving permissions for Creator/Owner–Read will not allow users to create or modify any files in the folder, which does not satisfy the requirements."

You should always start with the errata if something doesn't make sense. As you see, there are a couple dozen errors in that text. I guess we also learned that some people should lab it up before answering a question they're unsure of

sprkymrk

Even the errata is not really correct - it will work but it is overkill. Since the creator/owner IS an authenticated user, there is no point in even adding the "change" permission for creator owner at all since you already gave it to authenticated users. And authenticated users can still modify or delete files that they own and that everyone else owns. This is a case where more advanced permissions are needed than what are available in the answer.

Dracula28

Yep that seems correct. Thanks for the help guys, I just couldn't get how anyone with only read permission could write to a folder.

Btw, its strange that the same error exists in the second edition of the book as well.