
ACLs - Users with READ can MOVE a whole folder?

ACLs - Users with READ can MOVE a whole folder? Gerry Hickman 04-11-2007
Posted by Gerry Hickman on April 11, 2007, 10:45 am
Hi,

I have a mapped drive as follows

U:\ (users full)
Shared Docs (users full)
Computer Docs (users Read and Execute)
Other Docs (users full)

In general it works as expected, ordinary users can't put docs into the
"Computer Docs" folder, nor delete them. If they try to move a sub-folder of
"Computer Docs" they get "Access Denied", BUT

If they drag and drop the WHOLE of "Computer Docs" into "Shared Docs", it
lets them do it! No questions! I don't understand this because even though
they're allowed to COPY the whole folder, I don't see how they can delete it
after. It's as if MOVE by dragging and dropping is not seen as requiring a
DELETE operation to complete??

Thanks for any help. This test was done with Win2k clients and servers, not
sure if the o/s makes any difference.

--
Gerry Hickman - (London UK)



Posted by Roger Abell [MVP] on April 12, 2007, 1:17 am
You are probably seeing an effect from the so-called "hidden child delete"
that is part of a full control grant as is a requirement for Posix
compliance.
Consider providing the Users group with Modify on U: or Modify and also
Change Permissions and Take Ownership if you do really want them to
have that. IIRC there is a discussion in the resource kit on the child delete
included in full control.

> Hi,
>
> I have a mapped drive as follows
>
> U:\ (users full)
> Shared Docs (users full)
> Computer Docs (users Read and Execute)
> Other Docs (users full)
>
> In general it works as expected, ordinary users can't put docs into the
> "Computer Docs" folder, nor delete them. If they try to move a sub-folder
> of
> "Computer Docs" they get "Access Denied", BUT
>
> If they drag and drop the WHOLE of "Computer Docs" into "Shared Docs", it
> lets them do it! No questions! I don't understand this because even though
> they're allowed to COPY the whole folder, I don't see how they can delete
> it
> after. It's as if MOVE by dragging and dropping is not seen as requiring a
> DELETE operation to complete??
>
> Thanks for any help. This test was done with Win2k clients and servers,
> not
> sure if the o/s makes any difference.
>
> --
> Gerry Hickman - (London UK)
>
>
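To make Roger's explanation concrete, here is an added Python model (not code from the thread or from any Windows tool) of the NTFS rule involved: a drag-and-drop move within one volume is a rename, and NTFS permits a rename or delete when the object itself grants DELETE or its parent directory grants FILE_DELETE_CHILD, the "Delete Subfolders and Files" right that Full Control includes and Modify does not. It assumes the access masks behind the standard Explorer permission templates and Gerry's folder layout; the "Sub" folder is a constructed sub-folder inheriting Read & Execute, and the model ignores the destination-side check because "Shared Docs" grants Users full control.

```python
# Added model of the NTFS delete/rename check behind the thread, not code from
# the thread or from Windows. A same-volume drag-and-drop is a rename, and NTFS
# allows a rename or delete when EITHER the object grants DELETE OR its parent
# directory grants FILE_DELETE_CHILD (Explorer: "Delete Subfolders and Files").

FILE_DELETE_CHILD = 0x0040     # the "hidden child delete" Roger refers to
DELETE = 0x10000

# Access masks behind the Explorer templates for a directory.
FULL_CONTROL = 0x1F01FF        # includes FILE_DELETE_CHILD
MODIFY = 0x1301BF              # includes DELETE but NOT FILE_DELETE_CHILD
READ_AND_EXECUTE = 0x1200A9    # neither DELETE nor FILE_DELETE_CHILD

RIGHT_NAMES = {
    FILE_DELETE_CHILD: "Delete Subfolders and Files",
    DELETE: "Delete",
}

def decode(mask: int) -> set:
    """Names of the delete-related rights present in an access mask."""
    return {name for bit, name in RIGHT_NAMES.items() if mask & bit}

def build_scenario(root_mask: int) -> dict:
    """Gerry's layout: folder -> (parent, effective mask for Users).
    'Sub' is a constructed sub-folder that inherits Read & Execute."""
    return {
        "U:\\": (None, root_mask),
        "U:\\Shared Docs": ("U:\\", FULL_CONTROL),
        "U:\\Computer Docs": ("U:\\", READ_AND_EXECUTE),
        "U:\\Computer Docs\\Sub": ("U:\\Computer Docs", READ_AND_EXECUTE),
        "U:\\Other Docs": ("U:\\", FULL_CONTROL),
    }

def can_move(tree: dict, path: str) -> bool:
    """Can Users rename/move `path` into another folder on the same volume?
    The destination's add-subdirectory right is not modelled (Shared Docs
    grants full control in the thread)."""
    parent, mask = tree[path]
    if parent is None:          # the drive root itself cannot be moved
        return False
    if mask & DELETE:           # DELETE granted on the object itself
        return True
    return bool(tree[parent][1] & FILE_DELETE_CHILD)   # or child delete on parent

if __name__ == "__main__":
    for root in (FULL_CONTROL, MODIFY):
        tree = build_scenario(root)
        print("U:\\ grants", sorted(decode(root)))
        for folder in ("U:\\Computer Docs", "U:\\Computer Docs\\Sub"):
            verdict = "allowed" if can_move(tree, folder) else "denied"
            print("  move", folder, "->", verdict)
```

Running it shows the thread's behaviour: with Full Control on U:\ the whole "Computer Docs" folder can be moved while its sub-folder cannot, and changing U:\ to Modify closes the gap.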



Posted by Gerry Hickman on April 12, 2007, 4:55 am
Hi Roger,

Yes, it looks like the problem is related to users having full control
instead of modify only. In general, all our shares are set up for modify
only, but this one was left over from years ago and I never got round to
changing it!

Thanks for solving it.

--
Gerry Hickman - (London UK)

> You are probably seeing an effect from the so-called "hidden child delete"
> that is part of a full control grant as is a requirement for Posix
> compliance.
> Consider providing the Users group with Modify on U: or Modify and also
> Change Permissions and Take Ownership if you do really want them to
> have that. IIRC there is a discussion in the resource kit on the child
> delete
> included in full control.
>
> > Hi,
> >
> > I have a mapped drive as follows
> >
> > U:\ (users full)
> > Shared Docs (users full)
> > Computer Docs (users Read and Execute)
> > Other Docs (users full)
> >
> > In general it works as expected, ordinary users can't put docs into the
> > "Computer Docs" folder, nor delete them. If they try to move a sub-folder
> > of
> > "Computer Docs" they get "Access Denied", BUT
> >
> > If they drag and drop the WHOLE of "Computer Docs" into "Shared Docs", it
> > lets them do it! No questions! I don't understand this because even though
> > they're allowed to COPY the whole folder, I don't see how they can delete
> > it
> > after. It's as if MOVE by dragging and dropping is not seen as requiring a
> > DELETE operation to complete??
> >
> > Thanks for any help. This test was done with Win2k clients and servers,
> > not
> > sure if the o/s makes any difference.
> >
> > --
> > Gerry Hickman - (London UK)
> >
> >
>
>


