Possible to deny all permission changes inside a CIFS share?
|
View:
New views
5 Messages
—
Rating Filter:
Alert me
|
 |
Possible to deny all permission changes inside a CIFS share?
by Adam McDougall
::
Rate this Message:
I was wondering if in any way it would be possible to prevent all NTFS
permission changes inside a CIFS share or volume, including by file owners. I'm not concerned about the admins, but we want to support a strict permission structure with writable directories according to inherited permissions, but not allow end users to subvert the permission scheme by changing permissions on files they own. Wondering if there is any way to do this, or even if there are plausible or solid reasons why it would not be possible at all. I know you can remove the 'Change Permissions' NTFS property, but file owners can change their own. Thanks for any input. |
|
|
RE: Possible to deny all permission changes inside a CIFS share?
by Kevin Parker-3
::
Rate this Message:
Adam,
Simple (I think, unless I'm missing something). Give them NTFS "modify" (or RWXD) permission. This allows them to do everything they want with their data except change permissions. They'll have authority to view perms only, not change. Best regards, ~~~~~~~~~~~~~~~~ Kevin Parker Mobile: 919.606.8737 http://theparkerz.com ~~~~~~~~~~~~~~~~ -----Original Message----- From: owner-toasters@... [mailto:owner-toasters@...] On Behalf Of Adam McDougall Sent: Tuesday, June 03, 2008 8:56 AM To: toasters@... Subject: Possible to deny all permission changes inside a CIFS share? I was wondering if in any way it would be possible to prevent all NTFS permission changes inside a CIFS share or volume, including by file owners. I'm not concerned about the admins, but we want to support a strict permission structure with writable directories according to inherited permissions, but not allow end users to subvert the permission scheme by changing permissions on files they own. Wondering if there is any way to do this, or even if there are plausible or solid reasons why it would not be possible at all. I know you can remove the 'Change Permissions' NTFS property, but file owners can change their own. Thanks for any input. |
|
|
Re: Possible to deny all permission changes inside a CIFS share?
by Adam McDougall
::
Rate this Message:
That will disallow permission changes to the existing folder, but if
they can make new content inside (as will be required), they own it and can set the permissions on those objects. That is what I am looking to prevent. Kevin Parker wrote: > Adam, > Simple (I think, unless I'm missing something). > Give them NTFS "modify" (or RWXD) permission. This allows them to do > everything they want with their data except change permissions. They'll have > authority to view perms only, not change. > > Best regards, > ~~~~~~~~~~~~~~~~ > Kevin Parker > Mobile: 919.606.8737 > http://theparkerz.com > ~~~~~~~~~~~~~~~~ > > -----Original Message----- > From: owner-toasters@... [mailto:owner-toasters@...] On > Behalf Of Adam McDougall > Sent: Tuesday, June 03, 2008 8:56 AM > To: toasters@... > Subject: Possible to deny all permission changes inside a CIFS share? > > I was wondering if in any way it would be possible to prevent all NTFS > permission changes inside a CIFS share or volume, including by file owners. > I'm not concerned about the admins, but we want to support a strict > permission structure with writable directories according to inherited > permissions, but not allow end users to subvert the permission scheme by > changing permissions on files they own. Wondering if there is any way to do > this, or even if there are plausible or solid reasons why it would not be > possible at all. I know you can remove the 'Change Permissions' NTFS > property, but file owners can change their own. > Thanks for any input. > > |
|
|
RE: Possible to deny all permission changes inside a CIFS share?
by Michael Schipp
::
Rate this Message:
I do not believe you short of scheduling a script to reset owner and permission on a nightly basses.
-----Original Message----- From: owner-toasters@... [mailto:owner-toasters@...] On Behalf Of Adam McDougall Sent: Wednesday, 4 June 2008 12:48 AM To: Kevin Parker Cc: toasters@... Subject: Re: Possible to deny all permission changes inside a CIFS share? That will disallow permission changes to the existing folder, but if they can make new content inside (as will be required), they own it and can set the permissions on those objects. That is what I am looking to prevent. Kevin Parker wrote: > Adam, > Simple (I think, unless I'm missing something). > Give them NTFS "modify" (or RWXD) permission. This allows them to do > everything they want with their data except change permissions. They'll have > authority to view perms only, not change. > > Best regards, > ~~~~~~~~~~~~~~~~ > Kevin Parker > Mobile: 919.606.8737 > http://theparkerz.com > ~~~~~~~~~~~~~~~~ > > -----Original Message----- > From: owner-toasters@... [mailto:owner-toasters@...] On > Behalf Of Adam McDougall > Sent: Tuesday, June 03, 2008 8:56 AM > To: toasters@... > Subject: Possible to deny all permission changes inside a CIFS share? > > I was wondering if in any way it would be possible to prevent all NTFS > permission changes inside a CIFS share or volume, including by file owners. > I'm not concerned about the admins, but we want to support a strict > permission structure with writable directories according to inherited > permissions, but not allow end users to subvert the permission scheme by > changing permissions on files they own. Wondering if there is any way to do > this, or even if there are plausible or solid reasons why it would not be > possible at all. I know you can remove the 'Change Permissions' NTFS > property, but file owners can change their own. > Thanks for any input. > > ************************************************************************************ This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses. ************************************************************************************ |
|
|
Re: Possible to deny all permission changes inside a CIFS share?
by Sto RageĀ©
::
Rate this Message:
On Tue, Jun 3, 2008 at 7:47 AM, Adam McDougall <mcdouga9@...> wrote:
> That will disallow permission changes to the existing folder, but if they > can make new content inside (as will be required), they own it and can set > the permissions on those objects. That is what I am looking to prevent. > I don't think that's true if you also enable "Inherit from Parent". Here's what we normally do for all of our CIFS shares - Set Full Control for "Storage Admins" group - Set Modify for the users that need access. - Set Inherit permissions. - If we are resetting permissions for some reason, then we also enable "Replace permission entries on all child objects..." which is a one time operation. Has been work well for us for the past 5 years, -G |
| Free Forum Powered by Nabble | Forum Help |