General discussion
-
CreatorTopic
-
June 9, 2002 at 5:28 pm #2324803
prevent users from modifying permissions
Lockedby rozan · about 21 years, 10 months ago
I have set users home directories to “Change” permissions (RWXD). But somehow, the users are able to modify the permissions of subdirs they create underneath. I thought that without the P permission, this is NOT possible. It seems that the Change permission I have set is equal to Full.
Anyone has an explanation?
Thanks,This conversation is currently closed to new comments. -
CreatorTopic
All Comments
-
AuthorReplies
-
-
June 9, 2002 at 6:03 pm #3657131
prevent users from modifying permissions
by itnetman · about 21 years, 10 months ago
In reply to prevent users from modifying permissions
Did you leave Creator/Owner in as Full Control? If so remove this user from all permissions. Unsure of any other solution without more details. Hope this helps.
-
June 9, 2002 at 6:24 pm #3657128
prevent users from modifying permissions
by rozan · about 21 years, 10 months ago
In reply to prevent users from modifying permissions
No.
But, there is “Full” permission for Everyone on the share itself which covers the whole disk volume. I’m not sure that this Full permission on the share is the cause.
-
-
June 9, 2002 at 10:43 pm #3657075
prevent users from modifying permissions
by gigelul · about 21 years, 10 months ago
In reply to prevent users from modifying permissions
Hi
Full permission for everyone on share is OK .
I set security permission on shared folders like you (RWXD) and also I remove “P” and “O” permissions. With these security permissions the users can create/save/open/delete folders or files but can’t change permissions. Any new folder will copy automatically the permission from the parent folder. Maybe you modify the permissions of the parent folder after users create other subfolders. Try for one parent folder to use.
Now if your share is on a workstation where the user has admin rights you can’t force these settings.
About everyone group, this can be a security issue. Recommended is to replace it in your permissions settings with Domain Users.These permissions settings are OK. Verify again!
-
June 9, 2002 at 11:25 pm #3657057
prevent users from modifying permissions
by shanghai sam · about 21 years, 10 months ago
In reply to prevent users from modifying permissions
Thanks for your reply. Indeed, I’ve tried many times before submitting my call.
The user cannot modify his parent home folder; but for any folder he creates underneath (which theoretically inherits the Change permissions from the home folder) , actually he can even change his own permissions from Change to Full!
I have tried with several NT4 servers (SP5 to SP6a) with same results!
-
-
June 10, 2002 at 12:01 am #3657029
prevent users from modifying permissions
by gigelul · about 21 years, 10 months ago
In reply to prevent users from modifying permissions
OK! Let?s try a dialogue. Post only comments!
You can see in owner tab who changed the permissions. This user is member of a special group?
Give me an example about permissions for a parent folder and a subfolder.-
June 10, 2002 at 5:30 pm #3410198
prevent users from modifying permissions
by gigelul · about 21 years, 10 months ago
In reply to prevent users from modifying permissions
About folder U:\User1\test, you are right. User1 can change the permissions because he is the Owner of this folder.
You can:
-create only you the news folders (critical folder-maybe to hard)
-allow only one user per department to manage permissions/create folders
-use periodicallyto block permissions changes
-instruct users to avoid mistakes -
July 12, 2002 at 1:14 am #3593681
prevent users from modifying permissions
by rozan · about 21 years, 9 months ago
In reply to prevent users from modifying permissions
Poster rated this answer
-
-
June 10, 2002 at 12:32 am #3657007
prevent users from modifying permissions
by rozan · about 21 years, 10 months ago
In reply to prevent users from modifying permissions
Thanks for trying again!
I’ve checked all the group’s cumulative permissions and inheritance issues.
Here follows the setup:
The shared volume disk is named U:
Permissions on root of U: are:
Everyone: R
Domain Admins: F
System: FThe User1’s homedir is named U:\user1
Everyone: R
Domain Admins: F
System: F
(all above inherited from parent)
User1: C (RWXD) (RWXD)
(added at creation of folder)Now, if I log in as User1, create a subfolder U:\user1\test, it originally inherits the same perms as folder U:\user1
But, as User1, actually I can add permissions to other users, remove others and even upgrade my perms from C to F, or even delete all perms in the list, whereas theoretically I had no P permission there!
You may tryit and you’ll see… -
June 10, 2002 at 2:24 am #3656930
prevent users from modifying permissions
by timwalsh · about 21 years, 10 months ago
In reply to prevent users from modifying permissions
Take a look at ownership of the directories in question. An owner has full control (and can reset permissions) of a file or directory regardless of other permissions set unless a specific set of permissions are set up for the Creator/Owner user object.
-
July 12, 2002 at 1:14 am #3593682
prevent users from modifying permissions
by rozan · about 21 years, 9 months ago
In reply to prevent users from modifying permissions
Poster rated this answer
-
-
June 10, 2002 at 4:08 pm #3410214
prevent users from modifying permissions
by rozan · about 21 years, 10 months ago
In reply to prevent users from modifying permissions
Hi Tim,
Thanks for your reply.
I thought about that too: even if I set U:\user1 with the perms for Owner/Creator to C (RWXD, User1 (who is creator/owner of subdir U:\user1\test), I cannot limit his perms! User1 can still modify the perms on the subdir he creates. -
June 10, 2002 at 6:15 pm #3410195
prevent users from modifying permissions
by gperrie · about 21 years, 10 months ago
In reply to prevent users from modifying permissions
My understanding was anyone who created a folder was automatically the owner. And the owner always has the rights to change the permissions.
Like the old scenario on NT training courses – A user leaves the company, you want to transfer their files to the replacement but have no permission to the folder, what do you do? Take ownership and reassign permissions.
Gavin
-
July 12, 2002 at 1:14 am #3593683
prevent users from modifying permissions
by rozan · about 21 years, 9 months ago
In reply to prevent users from modifying permissions
Poster rated this answer
-
-
June 12, 2002 at 4:13 am #3656203
prevent users from modifying permissions
by itadmin-dquick · about 21 years, 10 months ago
In reply to prevent users from modifying permissions
If you are using NT 4.0 you need to upgrade to SP6a if you havent’ done that already.
After you are done with that step, you need to download the Microsoft Security Mangement Consol, a snap-in for MMC. After you install this it implements that file security features from Windows 2000. You will have greater flexability with these permissions, but warn you, make sure you set the inheritance property correctly, or you will be up all night manually resetting permissions.
-
July 11, 2002 at 6:27 pm #3593820
prevent users from modifying permissions
by rozan · about 21 years, 9 months ago
In reply to prevent users from modifying permissions
Poster rated this answer
-
-
July 12, 2002 at 1:14 am #3593680
prevent users from modifying permissions
by rozan · about 21 years, 9 months ago
In reply to prevent users from modifying permissions
This question was closed by the author
-
-
AuthorReplies
