Welcome to MSDN Blogs Sign in | Join | Help

jaredpar's WebLog

Code, rants and ramblings of a programmer.

Syndication

News

Now Reading

Expert F#

What's a better book to read when learning F#?

Essential WPF

Thus far the best book I've read on WPF. Gets right down to working with WPF and the goals/history.

Purely Functional Data Structures

Reading this book makes me feel like I'm back in college. It will really get your mind going and is best read with a whiteboard handy.

Blog Roll

Eric Lippert
Dustin Campbell
Jon Skeet
Coding Horror
Brian McNamara
Hub FS
Full List

File System Permissions

While working on a recent bug a question came up about how permissions work on NTFS.  Take the following example directory path

c:\University\Fall2005\Homework.cpp

Now imagine that our user University\john had the access rights that were specified below.  For completeness assume full control for Local System and Administrators. 

  • University: Read & Execute, List Folder Contents, Read (All Allow)
  • Fall2005: Read & Execute, List Folder Contents, Read (All Deny)
  • Homework.cpp: Full Control

The question we had was whether or not University\John would be able to successfull access (read, edit, save) Homework.cpp.  Some of us with Unix backgrounds guessed that he would not while most of the rest said that he would. 

After a couple of minutes of discussion we cooked up an example and it turns out that University\John does indeed have Full Control of the Homework.cpp file.  To be honest, this caught me completely by surprise.  I did quite a bit of *nix programming in college and was incorrectly relying on my knowledge of the *nix file system particulars to answer this question. 

If this were a similar *nix example (say /University/Fall2005/Homework.cpp) our user john would not have access to the file.  When a file lookup is done in Linux, the VFS layer starts at the base path and looks up every file system object from the start of the path to the actual file.  If the current process does not have sufficient permissions to access any object on the path, the search fails (as it would for the Fall2005 object). 

I don't know a lot about NTFS but I can only assume that it performs a lookup in a different manner.  Then again, assumption got me into this problem ...

 

 

Published Monday, July 25, 2005 5:53 PM by Jared Parsons

Comments

# re: File System Permissions @ Monday, July 25, 2005 6:42 PM

Could it be because of "bypass traverse checking"?

Luke

# re: File System Permissions @ Monday, July 25, 2005 7:01 PM

So, just wondering - how much does an "executie" get paid anyway? And don't they sue you for discrimination for calling them that?

BTW, I think the prior comment is spot on with the bypass traverse checking. In fact, from memory - I do believe that if the user tried to use explorer to browse to the file they would not be able to get there. They should have to know the full path to get to the file.

Jerry Ham

# re: File System Permissions @ Monday, July 25, 2005 7:55 PM

It is indeed the "Bypass Traverse Checking" Right assignment. Thanks for posting that.

Jared Parsons

New Comments to this post are disabled
Page view tracker