Default file/folder security permissions for a new user

  • Thread starter Thread starter renegade_master_12121
  • Start date Start date
R

renegade_master_12121

In windows xp, I do the following:

Create new user (Bob). Remove bob as a member of the Users group (he
now is a member of no group). Go to some folder on my box. e.g. C:
\randomstuff. Check the security of this. Check the effective
permissions of Bob with respect to this folder (to find out what he
can reall do). Bob seems to be default be able to do a lot of things
with this folder "by default". He can do:


Traverse Folder / Execute File
List Folder / Read Data
Read Attributes
Read Extended Attributes
Create Folders / Append Data
Create Files / Write Data
Read Permission

How is this? Why does a new user get to do all this stuff to
anywhere on my box?

Thanks
 
The reason is that the folders in question will have "Everyone" group
permissions applied. Since membership of this group is automatic (and doesn't
appear in usermanager) Bob doesn't need to be in any specific group to access
them.

-Is this a bad arangement? Linux afficonados would certainly say yes. Matter
of opinion I suppose.
 
Anteaus said:
The reason is that the folders in question will have "Everyone"
group permissions applied. Since membership of this group is
automatic (and doesn't appear in usermanager) Bob doesn't need to
be in any specific group to access them.

-Is this a bad arangement? Linux afficonados would certainly say
yes. Matter of opinion I suppose.

"Everyone" group is likely not involved.
More than likely "Authenticated Users" - and/or "Users".

Remove "Authenticated Users" (not a group where you can easily (if at all)
control membership) and "Users" from those who have permissions to the
folder.

Controlling access to resources means controlling the permissions on the
resources as much as you control the membership in the groups who will/will
not have access to said resources... ;-)
 
Back
Top