|
Posted by =?Utf-8?B?UmFkb3ZhbiBWb2p0ZWs= on April 30, 2008, 5:49 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hi all,
is there any recomended ACL setting for user homedirs?
I'de like to do following:
- users are owners of their homedirs (we use owner-based quotas)
- users cannot change permissions of their homedirs
Is that possible?
However, ownership seems to override even "deny change permissions" ACL. Is
there any other way to deny access for the user to the other homedirs?
Thanks,
--
R.V.
|
|
Posted by Roger Abell [MVP] on May 1, 2008, 2:21 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Hi all,
>
> is there any recomended ACL setting for user homedirs?
>
I believe it is a grant of Full Control for the account, optionally
also a grant to Administrators, and nothing else.
> I'de like to do following:
>
> - users are owners of their homedirs (we use owner-based quotas)
> - users cannot change permissions of their homedirs
>
> Is that possible?
>
No, not directly on any Windows client OS released to date.
There is one work around that may sometimes be of use.
Since share level permissions set the upper bound on what may
be used of the NTFS permissions when access is via a share,
if an account has Full at NTFS level but the share level permissions
are only Change, then it is not possible to use the ability to change
permissions when the access is via the share.
> However, ownership seems to override even "deny change permissions" ACL.
That is correct, it does do so.
> Is there any other way to deny access for the user to the other homedirs?
>
Not sure what this asks, "other homedirs"? Just do not give
the account any grant on the other homedirs, only on their own.
|
|
Posted by S. Pidgorny on May 1, 2008, 5:33 am
If you were Registered and logged in, you could reply and use other advanced thread options
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
> Hi all,
>
> is there any recomended ACL setting for user homedirs?
>
> I'de like to do following:
>
> - users are owners of their homedirs (we use owner-based quotas)
> - users cannot change permissions of their homedirs
>
> Is that possible?
>
> However, ownership seems to override even "deny change permissions" ACL.
> Is
> there any other way to deny access for the user to the other homedirs?
>
> Thanks,
> --
> R.V.
|
|
Posted by =?Utf-8?B?UmFkb3ZhbiBWb2p0ZWs= on May 1, 2008, 9:24 am
If you were Registered and logged in, you could reply and use other advanced thread options
Thank you for your reply!
Dou you thing thare is any way to block users to access "foreign" homedirs?
Thanks,
--
R.V.
"S. Pidgorny <MVP>" wrote:
> Ownership is very descriptive name. Owner is the one who can reset any ACL.
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
> > Hi all,
> >
> > is there any recomended ACL setting for user homedirs?
> >
> > I'de like to do following:
> >
> > - users are owners of their homedirs (we use owner-based quotas)
> > - users cannot change permissions of their homedirs
> >
> > Is that possible?
> >
> > However, ownership seems to override even "deny change permissions" ACL.
> > Is
> > there any other way to deny access for the user to the other homedirs?
> >
> > Thanks,
> > --
> > R.V.
>
>
>
|
|
Posted by S. Pidgorny on May 2, 2008, 4:39 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Hello Svyatoslav,
>
> Thank you for your reply!
> Dou you thing thare is any way to block users to access "foreign"
> homedirs?
>
> Thanks,
> --
> R.V.
>
>
> "S. Pidgorny <MVP>" wrote:
>
>> Ownership is very descriptive name. Owner is the one who can reset any
>> ACL.
>>
>> --
>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> -= F1 is the key =-
>>
>> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>>
>> message
>> > Hi all,
>> >
>> > is there any recomended ACL setting for user homedirs?
>> >
>> > I'de like to do following:
>> >
>> > - users are owners of their homedirs (we use owner-based quotas)
>> > - users cannot change permissions of their homedirs
>> >
>> > Is that possible?
>> >
>> > However, ownership seems to override even "deny change permissions"
>> > ACL.
>> > Is
>> > there any other way to deny access for the user to the other homedirs?
>> >
>> > Thanks,
>> > --
>> > R.V.
>>
>>
>>
|
| Similar Threads | Posted | | NTFS Permissions | September 12, 2005, 8:49 am |
| NTFS Permissions | January 30, 2006, 5:33 am |
| NTFS Permissions | March 24, 2006, 7:02 am |
| NTFS permissions | November 29, 2006, 5:32 am |
| Re: NTFS Permissions | May 23, 2008, 2:41 am |
| NTFS Permissions and rights | October 9, 2005, 5:29 pm |
| NTFS permissions isses | November 28, 2005, 6:41 pm |
| list NTFS permissions | July 30, 2008, 1:40 pm |
| Export current NTFS permissions. | October 18, 2005, 7:31 am |
| NTFS Rename vs Delete permissions | February 28, 2006, 2:07 pm |
|
XML site map