Windows – “This folder only” permission propagating

file-permissionspermissionswindows

On a Windows network(no active directory), I can go to a local folder and under a folder select Properties->Security(tab)->Advanced(btn)->Change Permissions…(btn)->Add…(btn)->

Select a user and in the "Permission Entry for *" window

Set a couple permission such as Traverse/List/Read
Apply to: This folder
False/Unchecked for "Apply these permission to objects…"

I just want to add permissions for the current folder, and let other folders inherit those permissions(rather than explicitly setting those permissions on the child objects).

However, when I click Ok or Apply, the "Setting security information on:" dialog comes up and it is enumerating all the child objects. What is it changing? Why is this operation enumerating everything? It should only be modifying the ACL of the current item!

Also "Replace all child object permissions" is set to false for the folder I am modifying.

Best Answer

This is standard behavior. It will add the permissions you set to those folders, but marks them as child permissions.

Go to a subfolder, and check its permissions, and you'll notice those permissions are greyed out (child permissions).

If you want to have the child objects not have these permissions, you'll have to edit the first child folder and correct the permissions.

Usually a network system administrator will suggest to have a subfolder with no childs created and apply the new rights to that folder, then move the files that should have these rights there. This way, any subfolder will have the same rights and you don't worry about child objects not having different access rights.

Because if you deny a user to enter this directory, and you allow that user child directories, they will not be able to get there unless they manually enter that address. Only a person who knows that directory exists and how to manually get there will have access, something not many do. (which is why security settings are set to all child folders when changed, because it usually needs to have those permissions all the way down to the last child folder.

Related Solutions

Windows 7: “Replace All Child Object Permissions” Doesn’t Stay Checked

This is not just in Windows 7, this happens in Windows XP and on Windows Server as well. The permissions were already applied and the check box does not stay ticked. It only executes the command once.

What permissions on /var/mail directory

The permissions drw-rws--- on directories are wrong because even the owner of the directory cannot go into them, due to the lack of the x bit (=1 when using the numeric form).

You can test this by yourself by doing this as a normal user (not root):

$ mkdir -m 2670 /tmp/testdir
$ ls -ld /tmp/testdir
drw-rws--- 2 vmail vmail 4096 Apr  3 23:16 /tmp/testdir
$ cd /tmp/testdir
bash: cd: /tmp/testdir: Permission denied

I think that these lines in your current script:

chmod -R 0660 /var/mail/*.com
chmod -R g+rwxs /var/mail/*.com

should be instead:

chmod -R 2770 /var/mail/*.com

Best Answer

Related Solutions

Windows 7: “Replace All Child Object Permissions” Doesn’t Stay Checked

What permissions on /var/mail directory

Related Question