Back docs > winnt > NT4 permissions
     
   
   

 

NTFS Basic File and Directory Permissions

Read (R) Allows you to look at or view files or folders.
Write (W) Allows you to create a file or folder.
Execute (X) Allows you to traverse directories, run programs, open files.
Delete (D) Allows you to delete files or folders.
Change Permissions (P) Change the permissions on files or folders
Take Ownership (O) Take Ownership of files or folders.


Share Permissions

No Access No access, period.
Read View directories and files, open directories and files, traverse
directories, execute program files.
Change The Read permission plus… add and delete files and subdirectories,
modify files and subdirectories.
Full Control The Change permission plus… modify permissions on files and
directories, and take ownership

 

NTFS Standard Permissions for Folders

Note: The 1st sets of parentheses indicate basic permissions on the folder,
the 2nd set indicate basic permissions on the files in the folders.

No Access (None) (None) No Access, period.
List (RX) Can view directories, subdirectories and their files, navigate directory structure and view file and directory permissions.
Read (RX) (RX) View files and subdirectories in a directory, traverse the directory structure, view attributes of files, and view permissions and owner of directories.  Allows you to open or execute files and programs.
Add (WX) Allows you to write files to a directory and it's subdirectories. You cannot view subdirectories, or view files in the directory or it's subdirectories.
Add and Read (RWX) (RX) Allows you to add files to a directory, traverse the directory structure, view files in the directory and subdirectories, open files and run programs.
Change (RWXD) (RWXD) You can read, write, create, delete and modify the directory, subdirectories and files.
Full Control (ALL) (ALL) The change permission plus… change folder and file permissions, and take ownership.
Special Directory Access Assign the individual basic permissions to a folder.
Special Files Access Assign the individual basic permissions to a file.
   

NTFS Standard Permissions for Files

No Access No Access, period.
Read View files and open a file. You cannot run programs (.exe, .com, bat, etc.)
Change You can view, write, create, delete, modify and open the file. You can also run program files.
Full Control The Change permission plus… change file permissions, take ownership.
Special Access Assign the individual basic permissions to a file.


Terms


View:
Means to look at. If you can view a file or folder, you can see it.
Open:
If you can open a .doc file, then double clicking on it will open the file
In Word. If it is a .txt file, it will open in Notepad. Opening a directory
allows you to see the contents of the directory.
Run:
To start a program file. Double clicking on notepad.exe will run or
start Notepad.
Traverse:
To move up and down. Navigate a directory and it's subdirectories.

Note:
The "Bypass Traverse Checking" right that is by default assigned to
The Everyone group, allows you to traverse a directory structure even
If you don't have the Execute (X) Directory permission…. Unless your
permissions explicitly don't allow it. For example, the Add permission.


NTFS file permissions for groups add up. If group A has the Read permission for a directory,
and Group B had the Change permission for that same directory, then a person who is in both Group A and Group B will have the Read and Change permissions for that directory.
(Effectively, they have the Change permission, since Change includes Read)
No Access overrides all other permissions. If group A has the No Access permission for a directory, and Group B has the Change permission for that same directory, then a person who is in both Group A and Group B will have the No Access permission for that directory.
When combining Share permissions and NTFS file permissions, the more restrictive takes precedence.
File permissions override directory permissions. If you have Read permissions for a directory, and in that directory there is a file that your Read permission was removed from, you will not be able to read that file. This will not work with the Delete permission. In the case of Delete, the directory permission takes precedence.
Files and Directories inherit permissions from the directory they are created it.
When you copy (or move) a folder that has specifically been shared (rather than just inheriting sharing from its parent), the original remains shared, but the copy is reset to Not Shared. However, if you copy the folder to a drive or folder that is shared, it will inherit the sharing setting of its new parent location.
When you copy or move a file or folder from an NTFS partition to a FAT or FAT32 partition, all NTFS permission settings are removed, leaving it wide-open for anyone to access.
When you copy to another NTFS partition, or within the same partition, any old NTFS permissions assigned specifically to the original are stripped away, and it inherits NTFS permissions from the new location. In order to copy, you must have Write permission for the destination. The user doing the copying becomes the CREATOR OWNER of the copy.
When you move a file or folder to another NTFS partition, the permissions work just like copying. Any old permissions are removed, and the file or folder inherits permissions from the new location. You must have Change permission for the file or folder being moved and Write permission for the destination partition or folder. The user doing the moving becomes the CREATOR OWNER of the file.
When you move a file or folder to a different location on the same NTFS partition, the moved file or folder does inherit permissions from the new location, but if there were any permissions set specifically for that object, they are retained and they override the new inheritances. You must have Change permission for the file or folder being moved and Write permission for the destination partition or folder. The CREATOR OWNER does not change.

 

Permissions for a Users Share
If you want to create user home directories on your NT server, do this:

1. You need to be using the NTFS file system.
2. Create a Users Directory on a one of your partitions, D:\Users
3. For NTFS File Permissions, assign Administrators Full Control,
and for the Authenticated Users group (or the Everyone group) give them
Read (RX) (RX) permissions only, to D:\Users.
4. Share the D:\Users directory and give it Full Control Share permissions for the Authenticated Users group (or the Everyone group).
5.

For the individual user's subdirectory that will be created under D:\Users,
give each user Full Control NTFS Permissions to their own directory, and remove any other users from the directory, except Administrators.


    Top

b/johnson:01