NTFS permissions in Windows

PRECONDITION

Each operating system has its default file system, each with its merits and defects: APFS for Mac OS X, Ext4 for Linux and NTFS for Windows. Here we look at NTFS to understand how it handles the permissions associated with files and folders.

FILE CREATION

When a file or folder is created within an NTFS volume, a security descriptor containing an Access Control List (ACL) is created for it automatically. The ACL stores all the information about which users and groups have permissions to operate on the file / folder. Each permission assignment is represented by an Access Control Entry (ACE).

STANDARD PERMISSIONS

  • Full control: Read, edit, write, execute files in the directory, change attributes and permissions, change file / folder owner
  • Modify: Read, modify, write, execute files in the directory, change file / folder attributes
  • Reading and execution: Allowed to show the contents of the folder, data, attributes, owner and permissions; also run files
  • List folder: Allowed to show the contents of the folder, data, attributes, owner and permissions; also run files
  • Read: Allowed to show data, attributes, owner and permissions
  • Write: Permission to write to a file, add files, change and read attributes

To modify the permissions or consult them, just right-click on the file / directory, PROPERTIES, SECURITY tab and then MODIFY.

SPECIAL PERMISSIONS

Each of the standard permissions consists of a logical group of special permissions:

  • Read Attributes: allows or denies the display of the extended attributes of a file or folder
  • Reading extended attributes: allows or denies the display of the extended attributes of files or folders
  • Deleting files or subfolders: allows you to delete files or subfolders
  • Delete: allows you to delete files or folders
  • Synchronize: allows or denies different threads to wait on the handle for a file / folder and synchronize with another thread that may signal it
  • Cross folders: allows you to move through folders (by default everyone can do it)
  • Execute file: permission to execute files within a directory
  • Creating files: allows or denies the creation of files / folders
  • Write data: allows or denies writing data. It does not imply the creation or deletion of files, but the permission to make changes to the attributes of files / folders
  • Write extended data: allows or denies changing the extended attributes of a file or folder. The attributes are defined by programs and may vary depending on the program. It does not imply the creation or deletion of files, but the permission to make changes to the attributes of files / folders
  • Folder List: allows or denies the display of file and subfolder names within a directory
  • Create files: allows or denies creating files
  • Write data: allows or denies editing files
  • Create folders: allows or denies creating folders
  • Add data: add data by editing files, but not by overwriting them
  • Take ownership: allows you to take ownership of a file or folder
  • Change permissions: allows or denies changes to the permissions of a file or directory
  • Read permissions: allows reading the permissions of a given file or folder

To modify these special permissions, simply right-click on the file / directory, PROPERTIES, SECURITY tab, ADVANCED, double click on the desired user and SHOW ADVANCED AUTHORIZATIONS and change the permissions.

TABLES

This table shows the special permissions assigned to each standard NTFS permission

NTFS permissions table found on p. 162, lesson 6 of Windows Server Administration Fundamentals by John Wiley & Sons and Bryan Gambrel

PERMISSIONS TYPE

It is worth distinguishing the two types of permissions:

  • Explicit permissions: permissions attributed directly to a file or folder
  • Inherited permissions: permissions inherited from a parent folder and distributed to child folders / files
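The ACL / ACE structure, the way a standard permission breaks down into special permissions, and the explicit / inherited distinction can all be read from the SDDL string of a file's security descriptor. The following is an added example, not part of the original article: the function names and the SAMPLE string are constructed for illustration, and only hexadecimal masks and the FA / FR / FW / FX abbreviations are handled.

```python
import re

# Special-permission bits of an NTFS access mask (Windows SDK constants).
SPECIAL = {
    0x000001: "Read data / List folder", 0x000002: "Write data / Create files",
    0x000004: "Append data / Create folders", 0x000008: "Read extended attributes",
    0x000010: "Write extended attributes", 0x000020: "Execute file / Traverse folder",
    0x000040: "Delete subfolders and files", 0x000080: "Read attributes",
    0x000100: "Write attributes", 0x010000: "Delete",
    0x020000: "Read permissions", 0x040000: "Change permissions",
    0x080000: "Take ownership", 0x100000: "Synchronize",
}
# Standard permissions as masks: .NET FileSystemRights values plus Synchronize.
STANDARD = [("Full control", 0x1F01FF), ("Modify", 0x1301BF),
            ("Read & execute", 0x1200A9), ("Read", 0x120089), ("Write", 0x100116)]
# File-rights abbreviations that can appear in an SDDL rights field.
SDDL_RIGHTS = {"FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0}

def parse_mask(rights):
    """Turn an SDDL rights field (hex or FA/FR/FW/FX codes) into an access mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in re.findall("..", rights):
        mask |= SDDL_RIGHTS[code]  # KeyError on abbreviations not handled here
    return mask

def decode_dacl(sddl):
    """Return one dict per ACE found in the DACL part of an SDDL string."""
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]
    aces = []
    for ace_type, flags, rights, _, _, trustee in re.findall(
            r"\(([^;]*);([^;]*);([^;]*);([^;]*);([^;]*);([^)]*)\)", dacl):
        mask = parse_mask(rights)
        aces.append({
            "trustee": trustee,
            "type": {"A": "Allow", "D": "Deny"}.get(ace_type, ace_type),
            "inherited": "ID" in re.findall("..", flags),  # ID flag = inherited ACE
            "standard": next((n for n, m in STANDARD if mask == m), "Special"),
            "special": [name for bit, name in SPECIAL.items() if mask & bit],
        })
    return aces

# Constructed sample: explicit Full control, inherited Read & execute, inherited deny.
SAMPLE = "O:BAG:SYD:AI(A;;FA;;;BA)(A;OICIID;0x1200a9;;;BU)(D;ID;0x10040;;;WD)"

if __name__ == "__main__":
    for ace in decode_dacl(SAMPLE):
        print(ace)
```

On Windows, the SDDL string for a path can be read in PowerShell with (Get-Acl <path>).Sddl and passed to decode_dacl.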

PERMISSIONS DURING A COPY OR MOVE

When a file or folder is copied or moved, three things can happen:

  • If a file / folder is copied, the new file / folder acquires the permissions of the location it was copied to
  • If it is moved within the same volume, it keeps the same permissions
  • If it is moved from one volume to another, it acquires the permissions of the destination volume

OWNER

The owner of an object controls how the permissions are set and to whom they are granted. To change the owner:

  • Open the PROPERTIES of the affected folder or file
  • SECURITY tab -> ADVANCED
    • If the owner is not listed, click on ADD,
      write the desired name and click OK
    • If it is in the list, just select it and click OK
  • The change of owner is not propagated through inheritance if you select the DISABLE INHERITANCE option

2018-09-19T08:25:41+00:00

About the Author:

Doctor in Computer Science, I've always been passionate about computers and how they work. In recent years I have decided to specialize in the systems field, focusing my studies on networks and servers. Together with Daniel, I decided to create this blog to help as many people as possible through our guides, trying to pass our passion on to them.
