
9/04/2007

Windows::NTFS Permissions



From: Windows IT Library

NTFS Permissions and Files



NTFS file permissions are used to control the access that a user, group, or
application has to files. This includes everything from reading a file to
modifying and executing the file. There are five NTFS file permissions:

  1. Read
  2. Write
  3. Read & Execute
  4. Modify
  5. Full Control

The five NTFS file permissions are also
listed in Table 1 with a description of the access that is allowed to the
user or group when each permission is assigned. As you can see, the permissions
are listed in a specific order. They all build upon each other.



















TABLE 1: NTFS FILE PERMISSIONS

| NTFS File Permission | Allowed Access |
|---|---|
| Read | This allows the user or group to read the file and view its attributes, ownership, and permissions set. |
| Write | This allows the user or group to overwrite the file, change its attributes, view its ownership, and view the permissions set. |
| Read & Execute | This allows the user or group to run and execute the application. In addition, the user can perform all duties allowed by the Read permission. |
| Modify | This allows the user or group to modify and delete a file, as well as perform all of the actions permitted by the Read, Write, and Read & Execute NTFS file permissions. |
| Full Control | This allows the user or group to change the permission set on a file, take ownership of the file, and perform actions permitted by all of the other NTFS file permissions. |




If a user needs all access to a file
except to take ownership and change its permissions, the Modify permission can
be granted. The access allowed by the Read, Write, and Read & Execute
permissions is automatically granted within the Modify permission. This saves
you from assigning multiple permissions to a file or group of files. In later
discussions in this chapter you will see what happens when multiple NTFS file
permissions are assigned and applied and how you can determine the net access
the user or group has to that file or folder.
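
The way the five permissions contain one another can be checked against the access masks that Windows stores in each ACL entry. The PowerShell below is an added example, not part of the original text; the function name Get-BasicNtfsPermission and the sample file in the TEMP directory are assumptions made for illustration.

```powershell
# Added example: which of the five basic permissions does an access mask fully contain?
function Get-BasicNtfsPermission {
    param(
        [Parameter(Mandatory)]
        [System.Security.AccessControl.FileSystemRights]$Rights
    )
    $fsr = [System.Security.AccessControl.FileSystemRights]
    $basic = [ordered]@{
        'Read'           = $fsr::Read
        'Write'          = $fsr::Write
        'Read & Execute' = $fsr::ReadAndExecute
        'Modify'         = $fsr::Modify
        'Full Control'   = $fsr::FullControl
    }
    foreach ($name in $basic.Keys) {
        $mask = [int]$basic[$name]
        # Implied only when every bit of the basic permission is present.
        if (([int]$Rights -band $mask) -eq $mask) { $name }
    }
}

# 1. The five permissions themselves: mask value and what each one contains.
$rows = foreach ($p in 'Read', 'Write', 'ReadAndExecute', 'Modify', 'FullControl') {
    $r = [System.Security.AccessControl.FileSystemRights]$p
    [pscustomobject]@{
        Permission = $p
        Mask       = '0x{0:X6}' -f [int]$r
        Contains   = (Get-BasicNtfsPermission -Rights $r) -join ', '
    }
}
$rows | Format-Table -AutoSize

# 2. The same check against a real ACL. The file below is a constructed sample.
$path = Join-Path $env:TEMP 'ntfs-demo.txt'
Set-Content -Path $path -Value 'demo'
$aclBits = [int][System.Security.AccessControl.FileSystemRights]'ChangePermissions, TakeOwnership'
$aces = foreach ($ace in (Get-Acl -Path $path).Access) {
    [pscustomobject]@{
        Identity       = $ace.IdentityReference
        Type           = $ace.AccessControlType   # Allow or Deny
        Contains       = (Get-BasicNtfsPermission -Rights $ace.FileSystemRights) -join ', '
        AclOrOwnership = ([int]$ace.FileSystemRights -band $aclBits) -ne 0
    }
}
$aces | Format-Table -AutoSize
# ACEs that hold only generic rights match none of the five and show an empty Contains column.
```

An entry granting Modify lists Read, Write and Read & Execute under Contains and shows AclOrOwnership as False; among the five, only Full Control carries the change-permissions and take-ownership bits.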








NOTE: A file's attributes are properties of the file such as Read-Only, Hidden,
Archive, and System. The System attribute is usually applied only to operating
system boot files.




NTFS Permissions and Folders


NTFS folder permissions determine what access is granted to a folder and the files and
subfolders within that folder. These permissions can be assigned to a user or
group. This topic defines each NTFS folder permission and its effect on a
folder. Table 2 displays a list of the NTFS folder permissions and the access
that is granted to a user or group when each permission is applied.





















TABLE 2: NTFS FOLDER PERMISSIONS

| NTFS Folder Permission | Allowed Access |
|---|---|
| Read | This allows the user or group to view the files, folders, and subfolders of the parent folder. It also allows the viewing of folder ownership, permissions, and attributes of that folder. |
| Write | This allows the user or group to create new files and folders within the parent folder as well as view folder ownership and permissions and change the folder attributes. |
| List Folder Contents | This allows the user or group to view the files and subfolders contained within the folder. |
| Read & Execute | This allows the user or group to navigate through all files and subfolders, as well as perform all actions allowed by the Read and List Folder Contents permissions. |
| Modify | This allows the user to delete the folder and perform all activities included in the Write and Read & Execute NTFS folder permissions. |
| Full Control | This allows the user or group to change permissions on the folder, take ownership of it, and perform all activities included in all other permissions. |





Notice that the only major difference
between NTFS file and folder permissions is the List Folder Contents NTFS
folder permission. By using this NTFS folder permission you can limit the
user's ability to browse through a tree of folders and files. This is useful
when trying to secure a specific directory such as an application directory. A
user must know the name and location of a file to read or execute it when this
permission is applied to its parent folder.
