On 2007-09-03 Megan Kielman wrote: > On 8/24/07, Ansgar -59cobalt- Wiechers <[EMAIL PROTECTED]> wrote: >> On 2007-08-22 Robert McIntyre wrote: >>> On my Windows 2003 servers we create a data partition and format it >>> with NTFS. The default permissions for Users are Read & Execute, >>> List Folder Contents, and Read. This is what we want. But the >>> Users account also gets the special permissions Create >>> Folders\Append Data and Create Files\Write Data. >>> >>> From the articles that I have seen on TechNet, the special >>> permissions are not needed if we only want read access. So why are >>> they there by default? What purpose do they serve? If we remove >>> the special permissions will it cause problems? >>> >>> The only thing that I could think of is that maybe it is needed to >>> create a temporary file when you open a document for reading. >> >> If you remove those ACEs your users will be unable to create files >> and folders on that partition. That may cause problems e.g. in cases >> when they need to open files with progams like MS Word, because Word >> creates temp files in the same directory as the document. > > How is the Create Folders/Append Data and Create Files/Write Data > permission different then Write?
The former two are subsets of the latter. "Write" permissions consist of these four basic permissions: - Create Files/Write Data - Create Folders/Append Data - Write Attributes - Write Extended Attributes > How does it differentiate an action where the user intends to > create/write data versus creating a temp file as a byproduct of > opening a Word doc? You aren't asking what the difference between writing to an already existing file and creating a new file is, are you? Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
