On 2007-09-04 Megan Kielman wrote:
On 9/4/07, Ansgar -59cobalt- Wiechers <bugtraq@planetcobalt.net> wrote:
On 2007-09-03 Megan Kielman wrote:
On 8/24/07, Ansgar -59cobalt- Wiechers <bugtraq@planetcobalt.net> wrote:
If you remove those ACEs your users will be unable to create files
and folders on that partition. That may cause problems e.g. in cases
when they need to open files with progams like MS Word, because Word
creates temp files in the same directory as the document.
How is the Create Folders/Append Data and Create Files/Write Data
permission different then Write?
The former two are subsets of the latter. "Write" permissions consist of
these four basic permissions:
- Create Files/Write Data
- Create Folders/Append Data
- Write Attributes
- Write Extended Attributes
How does it differentiate an action where the user intends to
create/write data versus creating a temp file as a byproduct of
opening a Word doc?
You aren't asking what the difference between writing to an already
existing file and creating a new file is, are you?
No, I am asking for clarification on the original question. Why when a
user is grated Read & Execute are they also granted the special
permission Create Folders\Append Data and Create Files\Write Data?
Of course not. What gave you that idea? In the OP's case the partitions
have the special permissions "Create Files/Write Data" and "Create
Folders/Append Data" ON TOP OF the Read & Execute permissions.
Is it only so that a user can create temporary files?
Although there are situations where read-only access will suffice, users
will need some kind of write access to data partitions in most cases,
because they need to work with/on that data. That's why by default users
have the rights to create files and folders on (data) partitions.
It seems silly to me that when you grant someone read access they by
default can also write.
They can't.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
