Terry said:
I want to put a share out that allows a set of people to write new files
out
there but not allow anyone but the group owners to delete/modify. If not
that, then allow a set of groups to upload files to but not delete,
provide
read only on new files. I know how to do it on unix, just not here.
Basically, I need a sticky bit!
Terry,
Keep in mind that there are two levels of permissions for
access to shares that have their storage on NTFS.
The share permissions are no where near as granular as
the NTFS permissions. IMO one ought to use the share
permissions effectively, not no-op them out of the picture
such as by use of Everyone Full. In your case, if you have
a single group that is allow to write, then one would set
that group to have Change share permission, and then
grant Read to such as Domain Users or Authenticated
Users (if the entire forest is instead appropriate). To
effect your objectives you would grant Read or Read
and Execute to the broad group at the NTFS level, grant
create to the specific group, and grant Modify to the
Creator Owner group (which will confer Modify to the
account, not the group of the account that creates the new).
You could look at the NTFS settings on the install partition
of an XP for an example.
Roger
