NTFS permissions help
itdaddy
Member Posts: 2,089 ■■■■□□□□□□
okay. We need employees to be able to save a text file to the folder
but they cannot change or edit or modify the document.
what the heck NTFS permission is this? I have tried tons of stuff nothing is right? Has anyone experienced this kind of permission?
but they cannot change or edit or modify the document.
what the heck NTFS permission is this? I have tried tons of stuff nothing is right? Has anyone experienced this kind of permission?
Comments
You will need some type of enterprise content management solution with check-in/check-out and workflow document approvals to really lock this down. If you are only trying to allow for rollback from unauthorized changes, you can use VSS snapshots or automatic version control in SharePoint.
File and folder permissions
Permissions for files and folders: User Rights; Security Policy; Security Services
As long as "Append Data" is not granted, the ability to edit the files once they are saved would be blocked... right? I'd think this could be accomplished with "Write" and "List Folder Contents".
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
For my testing I gave myself Create Files / Write Data and List Folder / Read Data. (and also completely remove any other access) This will allow me to make a new file in here, for example a .txt document but I am unable to view anything in it when I open it. So it depends on how this file is being created.
If it is output from a command line that is being saved via > file.txt you should be good to go. If people are designing these text files in notepad, it will all work fine, but you will have one small problem. There will be a temporary file left (because the user isn't allowed to delete it)
Try that and let me know if it accomplishes what you need
Not True, with my example I was able to make a file. If I opened the text file I got "access denied" and was given a blank notepad. If I tried to use the redirect to overwrite it, I also was given an access is denied error.
Exactly what I was thinking. I create dropboxes (just a folder where students can turn in assignments) on a server for K-12 students at work. We have it setup where students only have write access to the "to teacher" folder.
Example-
>Dropbox (staff- R&E, List, Read) (students- R&E, List, Read)
>>teacher1 (all inherited permissions) (teacher1- full control)
>>>to students (all inherited permissions for staff, students and teacher1)
>>>to teacher (We do not inherit permissions in this folder. we copy permissions and set the students group to write only) this prevents most of the "I'm copying your assignment" fraud lazy students try.
The Dropbox folder is the sharepoint on the server. The network path looks something like \\students\dropbox\teacher1\to teacher) and the folder lives at S:\Dropbox on the server. I don't know if this is the best design but it is simple to setup and easy for everyone to understand.
As long as "Creator Owner" modify permission is revoked... I don't remember what the default is for that for the different versions of Windows, but you'd want to take that away if it's there.
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
I did it by (it works) changing the permssions to:
Perm on the group:
read
special
-List Folder (4 checkmarks down) to Create/Write data (stop).
Read checked
Deny (another special window was created when I checked this)-Write Attributes
works great