Network Security Focus-Microsoft
Re: NTFS default special permissions

Subject: Re: NTFS default special permissions
Date: Wed, 5 Sep 2007 13:26:49 +0200
On 2007-09-04 Megan Kielman wrote:
> Ansgar/Geekwench -
>
> I believe that both of you have misunderstood the original question.

You believe wrong.

> The OP specifically asked what would happen if the Create
> Folders/Append Data & Create Files/Write Data permission were removed
> because he ONLY wants to provide Read and Execute permission to that
> directory. I followed his question with another question about why
> when Read and Execute, List Folder Contents, and Read are granted,
> there is a "special" permission allowing users to Create
> Folders/Append Data and Create Files/Write Data.

To repeat myself: there isn't. Read permissions do NOT include (nor do
they imply) the special permissions "Create Files/Write Data" or "Create
Folders/Append Data".

> You both keep mentioning that Create Folders/Append Data & Create
> Files/Write data is needed so users can do their work

Which is why this set of permissions is the DEFAULT for newly created
volumes. You can change permissions from there.

> but in my experience there are many cases where users only need to
> read for certain directories.

So? If that's all they need then grant them only that.

> Is there some functional reason why read only on directories is not
> sufficient? Is it temp files, as The OP asked earlier?

Nobody ever said read permissions were not sufficient for read-only
access. You keep misreading what's been said in this thread. All I've
been saying is that removing the special permissions MAY cause problems
(e.g. in situations where opening a file results in creation of a
temporary file in the same directory). It's up to the OP to decide if he
can live with these issues, or if they're issues for him in the first
place.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
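
The distinction argued in the message above, as an added example that is not part of the original post: the read-type rights carry neither create bit, and the create rights sit in separate ACEs that can be found and removed on their own. The SDDL string is constructed for illustration (modelled on the permissions named in the thread, not copied from a real volume), and everything runs on an in-memory descriptor.

```powershell
# Constructed descriptor: Users (BU) get Read & Execute plus two separate
# "special" ACEs for Create Folders/Append Data (0x4) and Create Files/Write Data (0x2).
$sddl = 'O:BAG:SYD:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)' +
        '(A;OICI;0x1200a9;;;BU)(A;CI;0x4;;;BU)(A;CIIO;0x2;;;BU)'

$Rights  = [System.Security.AccessControl.FileSystemRights]
$create  = [int]($Rights::CreateFiles -bor $Rights::AppendData)   # 0x2 | 0x4
$generic = 0x40000000 -bor 0x10000000   # GENERIC_WRITE | GENERIC_ALL also allow creation

# 1. The read-type rights contain neither create bit (expected: False on every line).
foreach ($name in 'Read', 'ReadAndExecute', 'ListDirectory') {
    $mask = [int][Enum]::Parse($Rights, $name)
    '{0,-15} 0x{1:X6}  grants create: {2}' -f $name, $mask, (($mask -band $create) -ne 0)
}

# 2. Load the descriptor and list Allow ACEs that let non-admin principals create
#    files or folders. SIDs are left untranslated so no name lookup is needed.
$sd = New-Object System.Security.AccessControl.DirectorySecurity
$sd.SetSecurityDescriptorSddlForm($sddl)
$sidType = [System.Security.Principal.SecurityIdentifier]
$admins  = 'S-1-5-32-544', 'S-1-5-18'   # BUILTIN\Administrators, SYSTEM

$flagged = @($sd.GetAccessRules($true, $true, $sidType) | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $admins -notcontains $_.IdentityReference.Value -and
    ([int]$_.FileSystemRights -band ($create -bor $generic)) -ne 0
})
$flagged | Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags

# 3. Remove only the flagged ACEs; the Read & Execute ACE for Users is untouched.
foreach ($rule in $flagged) { $sd.RemoveAccessRuleSpecific($rule) }

$sd.GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.IdentityReference.Value -eq 'S-1-5-32-545' } |   # BUILTIN\Users
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags
```

To inspect a real directory instead, take the descriptor from `Get-Acl` on that path; writing a changed descriptor back requires `Set-Acl`.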
