Q: File/Folder Permissions

  • Thread starter Thread starter Jakob Bieling
  • Start date Start date
J

Jakob Bieling

Hi!

I am setting up rights for users and I am running into difficulties.
Some folders are read-only with execute access and some are read-write
without execute access. So far, this all works fine. Now suppose the user
browses to a read-write folder and creates a new folder there. Now the
permissions for that newly created folder can be freely changed, meaning the
user can set it to read-write *with* execute permissions, as well. It seems
like as the creator, the user has special rights, so I tried changing the
rights for 'CREATOR OWNER' and having them inherited all the way thru the
file system, but nothing changed.
Ideally, I would like all newly created objects to be owned by the
admins, so the creator gets no special rights. Not sure if that is possible
or solves my problem even, but if not, is it possible to really restrict the
creator rights?
In the end, I want all created files in a folder with
read-write/no-execute permissions, to get those permissions, and not any
other permissions I did not specify. That reminds me: in the above case, the
permission flag for 'Change permission' is not set, which makes it even more
unclear to me.

Any help is greatly appreciated!
 
Try removing the creator owner as it seems you do not need it in your situation. ---
Steve
 
Steven L Umbach said:
Try removing the creator owner as it seems you do not need it in your
Click to expand...
situation. ---

Hi Steve

thanks for the suggestion, but the same problem still persists: I create
a new subfolder in a folder where I have all write and read permissions, but
no execute and change-permission permissions and I *am* able to change the
permissions. I also tried using the creator owner and only having it
explicitly deny the execute permission, but even that does not work. Why
does it seem like the creator owner permissions have no effect at all? I
doubt that the permission system is buggy, so how do I change this? Running
SP4 btw.

Thanks for the help!
 
First make sure that the everyone group does not have full permissions to the
root/drive folder. Usually you want everyone and users to have no more than
read/list/execute permissions to the root folder including in advanced permissions.
If you don't need owner creator try removing it. Otherwise go into advanced
permissions for the top folder you are configuring and in advanced permissions give
owner creator the exact permissions you want it to have to see if that helps. ---
Steve
 
Steven L Umbach said:
First make sure that the everyone group does not have full permissions to the
root/drive folder. Usually you want everyone and users to have no more than
read/list/execute permissions to the root folder including in advanced permissions.
If you don't need owner creator try removing it. Otherwise go into advanced
permissions for the top folder you are configuring and in advanced permissions give
owner creator the exact permissions you want it to have to see if that helps. ---
Steve
Click to expand...


Well, the everyone group exists at root level, but not for many other
directories. Not too sure exactly where I have permissions for everyone and
where not, but I do know that it is always read/execute for the everyone
group.

One thing that caught my eye was the SYSTEM group, though. It does have
full access, but only because it was there from the beginning. It looks like
I should not remove it (just by the name ;)) .. but what exactly is it for
and (where?) do I need it? Other than that, I only have the admins with full
control ..

Thanks!
 
System, basically means the operating system and you want to leave it at full control
as you do administrators. I mention the everyone group because I remember a while
back that there was a user with an issue implementing user permissions in a subfolder
to the root and even though he gave the user explicit permissions, they did not work
as expected. I tried the same scenario an it turned out that as long as the everyone
group had full control of the drive/root folder that subfolder explicit permissions
did not restrict users properly. Weird but that is what seemed to be the
roblem. --- Steve
 
Back
Top