> What permission combination allows a user to check
> permissions, but not read, a file? And what tool do
> I use to set that perm?
You can do this through the Explorer GUI under NT4 with SP 4 or 5 (I forget
which one) and a Microsoft utility (I believe it's called the Security
Configuration Editor) or Win2K. There's a very complex matrix of permissions
under NT.
If you don't have the SCE installed, you can still manipulate all of this
stuff from the command line using CACLS. Here's a copy of a console where I
ran CACLS to display rights for a cfm file which allows the IUSR_MACHINENAME
account to check permissions, but not read the file:
C:\Inetpub\wwwroot\test\authtest\authtest.cfm
NT AUTHORITY\SYSTEM:(DENY)(special access:)
FILE_READ_DATA
BUILTIN\Administrators:(OI)(CI)F
DAVE\IUSR_DAVE:(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_EXECUTE
FILE_READ_EA
FILE_EXECUTE
FILE_READ_ATTRIBUTES
NT AUTHORITY\SYSTEM:(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_EXECUTE
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
