On 2007-09-04 Megan Kielman wrote: > On 9/4/07, Ansgar -59cobalt- Wiechers <[EMAIL PROTECTED]> wrote: >> On 2007-09-03 Megan Kielman wrote: >>> On 8/24/07, Ansgar -59cobalt- Wiechers <[EMAIL PROTECTED]> wrote: >>>> If you remove those ACEs your users will be unable to create files >>>> and folders on that partition. That may cause problems e.g. in cases >>>> when they need to open files with progams like MS Word, because Word >>>> creates temp files in the same directory as the document. >>> >>> How is the Create Folders/Append Data and Create Files/Write Data >>> permission different then Write? >> >> The former two are subsets of the latter. "Write" permissions consist of >> these four basic permissions: >> >> - Create Files/Write Data >> - Create Folders/Append Data >> - Write Attributes >> - Write Extended Attributes >> >>> How does it differentiate an action where the user intends to >>> create/write data versus creating a temp file as a byproduct of >>> opening a Word doc? >> >> You aren't asking what the difference between writing to an already >> existing file and creating a new file is, are you? > > No, I am asking for clarification on the original question. Why when a > user is grated Read & Execute are they also granted the special > permission Create Folders\Append Data and Create Files\Write Data?
Of course not. What gave you that idea? In the OP's case the partitions have the special permissions "Create Files/Write Data" and "Create Folders/Append Data" ON TOP OF the Read & Execute permissions. > Is it only so that a user can create temporary files? Although there are situations where read-only access will suffice, users will need some kind of write access to data partitions in most cases, because they need to work with/on that data. That's why by default users have the rights to create files and folders on (data) partitions. > It seems silly to me that when you grant someone read access they by > default can also write. They can't. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
