we have a Windows 7 server and I've been asked to set it up so no one can move files in the root directory except for 3 users and still allow everyone to access/create files in subdirectory.
Example:
We have a drive, X:/
We don't want people to move any folders inside X:/
But in X:/SomeFolder we want people to have full permissions to create, move, and modify files.
I got the move restriction setup by disallowing delete for subfolders in the current directory, but it restricted access on sub-sub folders as well.
Anyone have a clue on how to do this?
When changing the permissions to block users from moving folders, set them to apply to This Folder Only:
(source: winhelp.us)
Assuming you have two groups, Users and Administrators, and no other permissions currently configured on X::
Grant Administrators Full Control, applied to This Folder Only
Grant Users the following permissions, applied to This Folder Only:
Traverse Folder
List Folder Contents
Read Attributes
Read Extended Attributes
Read Permissions
Create Files
Create Folders
Related
I have a web app that creates a temp. folder in the website root, writes some files into it, and then zips the folder. Everything works fine on my machine. I had to add two extra users to make it work. IUSR and IIS_IUSRS - Both with a full access. The QA persion is reporting that she is getting an error. What I see happening is that no temp. folder is created, however, the zip is altghough with wrong files inside. Can some one please explain is there a difference in permissions to create a file and create a folder?
Thanks
I have just set up a new user for ftp connection first time. I am trying to block off all permissions on all c drive folders but their their user folder. Currently they can see files in the windows folder which I tried changing using the properties and security deny permission for user, but it didnt allow me to do it.
Whats the best way to set this up? And block all visual access to folders but their own user folder.
Any questions, let me know and I'll clarify as best as I can.
Can use bitvise to restrict users to a root directory without touching any permissions on the directory itself
I have an InstallScript installer that utilizes dynamic file links for several components. These components contain configuration files that standard users should be able to edit. We recently discovered that when these files are installed on Windows Server 08, the permissions are set to full access for the Administrators group, but only read & execute access for the Users group. The typical install location is C:\programName.
I've tried creating new files manually as an admin (right click - new text file) in the C:\programName directory, and they are generated with identical permissions. I'm assuming that this is just the standard permission setup for new files.
Is there any way, within InstallShield, to set the permissions for dynamically linked files or the directory containing them?
I've looked for permission settings in
Organization -> Components
Application Data -> Files and Folders
but I haven't found anything. The documentation on dynamic file links makes no mention of permissions.
We are using InstallShield 2010.
Generally these permissions are a good thing; they're inherited from their parent folders. Non-administrator users (including the limited access admin before accepting a UAC prompt) should be unable to modify files under Program Files or C: so I would suggest addressing this concern in your application (for instance by using each user's Documents folder). Since you don't talk about why you need it, it's hard to say with certainty if this applies to your case.
If it turns out it does make sense to address this in the installation instead of the application, you can use the SetObjectPermissions API to set permissions programmatically.
In "Files and Folders" page right-click the file or folder, select Properties and click the Permissions button. In the "Permissions" dialog you can then right-click in the Name(s) list and use the New context menu option to add a new permission.
If the option is not available for a file, you can try setting it on the parent folder.
I want to share a folder among all users of a group : dev. So that all files are regardless of the owner can be edited by anyone in the group.
I have created the shared folder and set the respective permissions to the folder.
When a user creates a new file in that folder it belongs to owner:dev
But the permission for the files are rw-r--r--
So other users who belong the same group are not able to edit the files.
Like default group become "dev" how can I set the default permission for the files created in that directory.
I don't want to use "umask" technique because the user will upload files into that directory throuh ftp and other tools.
This really belongs on serverfault and I already mentioned there's almost an exact duplicate there, but anyway there's a nice little solution you can use, which is the FUSE bindfs module (there's a package in ubuntu). You use it to mount one directory onto another mountpoint and can set things such as the default permissions of any files created here, their owner, group and the permissions of files already in the directory (which is what you seem to want).
I don't want to use "umask" technique because the user will upload files into that directory throuh ftp and other tools.
That's the only way to do it, unless those "other tools" are themselves able to adjust permissions.
If you have root access, you can set the default umask for everyone to 002 from /etc/bashrc (assuming bash the default shell for the users in question).
A hack (and this is less preferable to umask) is to setup a cron job that will run every minute and do a chmod -R g+w <dir>.
I am a bit lost with Linux file and directory permissions. What I would like to do is have one user be able to create, delete, and rename directories, while other users are not able to do so, but they should be able to read and write to the directories as well as traverse them.
So group 'storage' has access to directory /workspace, those are the users which are not supposed to be able to create, delete, or rename directories. Group 'storageAdmin' also has access to directory /workspace, but is able to create, delete, or rename directories within.
Whenever 'storageAdmin' creates a new directory it should automatically be accessible to 'storage' such that they can read and write files within it.
Am I correct in that /workspace needs to be owned by 'storageAdmin' and be set to chmod 775 for this to work properly?
The correct permissions are 2775, setting the set gid bit too. This causes new files and directories to inherit the parent's permissions, owner and group.
Be aware though, that the standard unix permissions do not allow you to restrict access to the directory to the storage group after chgrping it to storageAdmin. Everyone has access now according to the other permission set.
Use Posix ACLs or SE Linux if you really need more fine grained access controls.