On 2007-09-05 Megan Kielman wrote: > On 9/4/07, Geekwench <[EMAIL PROTECTED]> wrote: >> Note, again, that the original post referenced a VOLUME. As in a >> partition. A drive. An entire chunk of space allocated on a disk. NOT >> A FOLDER. It is fairly rare for somebody to want an entire volume to >> be read-only (in fact, creating a volume and then disallowing any >> writes to the volume would be pretty, well, dumb), which is why the >> default permissions allow users to create and store data on the >> volume. Don't confuse your choosing to manually designate a folder as >> "read only" with the operating system setting the default permissions >> on an entire volume to allow data to be created and stored on that >> volume. That is what a volume is *for*- to store data of some kind. > > You continue to refer to the volume as a "data" volume but the default > permissions apply to ALL volumes, including system volumes. Users do > not need any write permission to system volumes.
You hardly ever create a new system volume from within a running Windows system, thus a newly created volume is most likely a data volume, in which case the default permissions are just fine. Besides, since Windows by default creates the user profiles on the system volume users do need write permissions to at least some directories on the volume. I do, however, agree that it was a bad decision for Microsoft to allow normal users to create files/folders in the root directory of the system volume, and removing those special permissions from the root directory is one of the first things I do on all my Windows installations. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
