Security Basics mailing list archives
RE: Windows Sharing File Permissions
From: "Scalcione.David" <SCALCIONED () YANB com>
Date: Tue, 11 Dec 2007 12:15:09 -0500
Al, The permissions in the share permissions tab apply to the share. The permissions in the security tab are file/directory permissions. The share permissions apply ONLY when accessing the file through THAT particular share. File permissions apply not matter how that file is accessed. When accessing a file on a Windows share, share permissions apply first, then file permissions. Of course the usual deny the allow order also applies. Share permissions are not very robust or granular, and in general don't provide that much security. DO NOT use share permissions to restrict access to files. These permissions only apply to that file when accessed through that particular share. If you create two shares that can access the same file, with different permissions on each, then you have two sets of permissions that apply to that file depending on the way it's accessed though the network. Use share permissions to grant users access to the share, use file permissions to grant/deny access to files. If I'm not making any sense, check out this article http://www.windowsecurity.com/articles/Share-Permissions.html. Dave -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]On Behalf Of Al Cooper Sent: Tuesday, December 11, 2007 11:06 To: security-basics () securityfocus com Subject: Windows Sharing File Permissions Hi All, In Windows, there are two places to set shared folder permissions in the Folder Property Box, on the Security Tab and on the Sharing Tab under permissions. What is the difference between these two? Which one has priority? Why are there two? I know this seems like a very basic question but I cannot find good documentation on this. Thanks for your help, -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. The information contained in this communication is confidential and privileged information intended only for the use of the individual or entity to which it is addressed. If you are not the addressee indicated in this message (or an agent responsible for delivery of the message to such person), you are hereby notified that you have received this communication in error and that any review, dissemination, copying, or any action or omission taken by you in reliance on it, is strictly prohibited. Please destroy this message and notify the sender immediately if you have received it in error. Please also advise immediately if you or your employer do not consent to e-mail communications. Opinions, conclusions and other information in this message that do not relate to the official business of Yardville National Bank shall be understood as neither given nor endorsed by it.
Current thread:
- RE: Windows Sharing File Permissions, (continued)
- RE: Windows Sharing File Permissions wharfratjoe (Dec 12)
- Re: Windows Sharing File Permissions Nikhil Wagholikar (Dec 12)
- Re: Windows Sharing File Permissions Raoul Armfield (Dec 18)
- RE: Windows Sharing File Permissions Nick Vaernhoej (Dec 12)
- RE: Windows Sharing File Permissions Jesse Eaton (Dec 12)
- Re: Windows Sharing File Permissions Micheal Espinola Jr (Dec 12)
- RE: Windows Sharing File Permissions Marc Ouwerkerk (Dec 12)
- RE: Windows Sharing File Permissions Bill Lavalette (Dec 12)
- Re: Windows Sharing File Permissions Jason Ross (Dec 12)
- RE: Windows Sharing File Permissions Ackley, Alex (Dec 12)
- RE: Windows Sharing File Permissions Scalcione.David (Dec 12)
- Re: Windows Sharing File Permissions jean . debogue (Dec 12)