Click here to get back home

NTFS permission problem
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
NTFS permission problem tornado579 03-31-2006
Posted by AllenM on March 31, 2006, 5:19 pm
Please log in for more thread options
 lol Larry. funny you remember that...........

> Allen-
>
> Might I suggest a nap in your data room?
>
> "AllenM" wrote:
>
>> Bill why do you insist on being so persistant. No I do not want to know
>> why
>> it makes no sense because I already know why. And I don't care why it
>> makes
>> no sense. I never claimed it to be. Now if you have read my postings when
>> I
>> tried to explain I said "IN OTHER WORDS, FOR EXAMPLE, I CAN ASSIGN A
>> GROUP
>> OR USER READ/WRITE ONLY AND GIVE THEM "SPECIAL PERMISSIONS" TO "CHANGE
>> PERMISSIONS". THIS CAN BE DONE FROM THE "ADVANCE"
>>
>> Do you understand what I meant by for "example". Where did I ever say
>> that
>> it is the correct thing to do and suggested some one do it. You just
>> can't
>> handle constructive criticism huh Bill? Just admit you made a wrong
>> statement and that you stand corrected and quit trying to justify your
>> wrong
>> doing by trying to make false pretences towards others. So far neither
>> one
>> of us has helped the poster because I'm sure he is getting more
>> entertained
>> through reading your persistance ignorance on trying to justify yourself.
>> Jesus Christ quit trying to be someone you are not. Your level of
>> expertise
>> is limit compared to others here as was evident when you posted in the
>> Exchange NG.
>>
>> Tornado my sincere apologies. I'm sorry you had to read through all of
>> this.
>> But I'm sure you see my point and who is right and who is wrong. I do
>> hope
>> you get an answer elsewhere. Hopefully not from Bill.
>>
>> I AM DONE WITH THIS THREAD..
>>
>>
>> "Bill" <it_professional_0812 at yahoo.com> wrote in message
>> > Allen-
>> >
>> > I guess for your sake I should have said "Everyone - Full Control at
>> > the
>> > share level, and do not grant
>> > full control to non-administrators at the NTFS level, users should not
>> > be
>> > able to change permissions, unless you grant them "change permissions"
>> > rights which no one in their right mind would do anyway".
>> >
>> > Want to know why it makes no sense to do what you are proposing?
>> > Because
>> > if you give someone the rights to change permissions, they can give
>> > themselves and everyone else "full control" anyway. You might as well
>> > just give them full control. There is no reason in the world to grant
>> > NTFS permissions like this. What you are saying, while technically
>> > correct, makes NO SENSE.
>> >
>> > My original statement, at face value, is not incorrect, unless you've
>> > gone
>> > into the advanced tab and tweaked the permissions as you describe,
>> > which
>> > rather foolish.
>> >
>> >
>> >> YOUR REVISED STATEMENT
>> >> If you have not granted any "special permissions", and the group does
>> >> not
>> >> have full control, they cannot change NTFS permissions
>> >>
>> >> Now that statement is correct. I already knew that which is what I was
>> >> trying to let you know.
>> >>
>> >> YOUR FIRST STATEMENT:
>> >> If you set "Everyone - Full Control" at the share level, and do not
>> >> grant
>> >> full control to non-administrators at the NTFS level, users should not
>> >> be
>> >> able to change permissions
>> >>
>> >> SEE THE DIFFERENCE?
>> >>
>> >>
>> >> "Bill" <it_professional_0812 at yahoo.com> wrote in message
>> >>> Allen-
>> >>>
>> >>> If you have not granted any "special permissions", and the group does
>> >>> not have full control, they cannot change NTFS permissions.
>> >>>
>> >>>
>> >>>> That is not true. Reread your statement. "and do not grant full
>> >>>> control
>> >>>> to non-administrators at the NTFS level, users should not be able to
>> >>>> change permissions"
>> >>>> This is not true because I would be able to change permissions
>> >>>> without
>> >>>> granting FULL control by doing what I said. Perhaps you forgot to
>> >>>> include the "unless" at the end of your statement. Do a google
>> >>>> search
>> >>>> on NTFS Folder/File permissions. They have some great articles you
>> >>>> can
>> >>>> use to learn more about NTFS permissions.
>> >>>>
>> >>>> Now reread what I said.
>> >>>>
>> >>>> "YOU CAN ASSIGN ANY GROUP OR USER THE RIGHT TO "CHANGE PERMISSIONS"
>> >>>> WITHOUT
>> >>>> GIVING THEM FULL CONTROL OR MAKING THEM A MEMBER OF AN
>> >>>> ADMINISTRATIVE
>> >>>> GROUP.
>> >>>>
>> >>>> But I'm not going to argue it any furthur as this does not help the
>> >>>> poster resolve his issues.
>> >>>>
>> >>>>
>> >>>>
>> >>>> "Bill" <it_professional_0812 at yahoo.com> wrote in message
>> >>>>> There is nothing incorrect about this statement: "If you set
>> >>>>> "Everyone - Full Control" at
>> >>>>> the share level, and do not grant full control to
>> >>>>> non-administrators
>> >>>>> at the
>> >>>>> NTFS level, users should not be able to change permissions."
>> >>>>>
>> >>>>> While it is true that you can assign special permissions to allow
>> >>>>> non-administrators to change permissions, if the group is not
>> >>>>> granted
>> >>>>> full control on the standard tab, they cannot change NTFS
>> >>>>> permissions,
>> >>>>> period.
>> >>>>>
>> >>>>>> Let me try to break this down to help better understand so that I
>> >>>>>> may
>> >>>>>> provide some helpful input here.
>> >>>>>>
>> >>>>>> 1. "I have a folder called test under another folder called as
>> >>>>>> Documents. Documents folder is shared. I have given full
>> >>>>>> permissions
>> >>>>>> for everyone group since i am
>> >>>>>> going to control the folder accesses via NTFS permissions."
>> >>>>>>
>> >>>>>> THIS IS CORRECT. WHENEVER YOU WANT TO SHARE A FOLDER IT IS GOOD
>> >>>>>> PRACTICE TO ASSIGN "EVERYONE" FULL ACCES AT THE SHARE LEVEL AND
>> >>>>>> RESTRICT FOLDER ACCESS USING NTFS FOLDER/FILE PERMISSIONS.
>> >>>>>>
>> >>>>>> 2. So for test folder i have assigned the permissions only for
>> >>>>>> that
>> >>>>>> particular group and adminstrator.
>> >>>>>>
>> >>>>>> WHAT ARE THE PERMISSIONS YOU ASSIGNED TO THE ADMINISTRATORS AND
>> >>>>>> THIS
>> >>>>>> PARTICULAR GROUP?
>> >>>>>>
>> >>>>>> 3. When i login from client machine and check the permissons via
>> >>>>>> security tab for any folder under test folder i am able to change
>> >>>>>> permissions from client side directly.
>> >>>>>>
>> >>>>>> WHO ARE YOU LOGGING IN AS?
>> >>>>>>
>> >>>>>> 4. I have tried all sorts of combinations but to my surprise none
>> >>>>>> worked. I dont know what is going wrong here.
>> >>>>>>
>> >>>>>> WHAT ARE THESE COMBINATIONS? i TAKE IT YOU ARE TRYING TO "NOT"
>> >>>>>> ALLOW
>> >>>>>> THIS PARTICULAR GROUP THE RIGHT TO CHANGE PERMISSIONS? IS THIS A
>> >>>>>> CORRECT STATEMENT?
>> >>>>>>
>> >>>>>> 5. Bill's statement is incorrect. "If you set "Everyone - Full
>> >>>>>> Control" at the share level, and do not grant full control to
>> >>>>>> non-administrators at the NTFS level, users should not be able to
>> >>>>>> change permissions."
>> >>>>>>
>> >>>>>> YOU CAN ASSIGN ANY GROUP OR USER THE RIGHT TO "CHANGE PERMISSIONS"
>> >>>>>> WITHOUT GIVING THEM FULL CONTROL OR MAKING THEM A MEMBER OF AN
>> >>>>>> ADMINISTRATIVE GROUP. YOU CAN ASSIGN THEM "SPECIAL PERMISSIONS".
>> >>>>>> IN
>> >>>>>> OTHER WORDS, FOR EXAMPLE, I CAN ASSIGN A GROUP OR USER READ/WRITE
>> >>>>>> ONLY AND GIVE THEM "SPECIAL PERMISSIONS" TO "CHANGE PERMISSIONS".
>> >>>>>> THIS CAN BE DONE FROM THE "ADVANCE" FEATURES.
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> "Bill" <it_professional_0812 at yahoo.com> wrote in message
>> >>>>>>> I'll ask the dumb question - are you logging in as yourself, or
>> >>>>>>> as
>> >>>>>>> the "restricted" user?
>> >>>>>>>
>> >>>>>>> If you set "Everyone - Full Control" at the share level, and do
>> >>>>>>> not
>> >>>>>>> grant full control to non-administrators at the NTFS level, users
>> >>>>>>> should not be able to change permissions.
>> >>>>>>>
>> >>>>>>>> Hi group,
>> >>>>>>>>
>> >>>>>>>> Hope you can help me with this one. I dont know what am i doing
>> >>>>>>>> wrong.
>> >>>>>>>>
>> >>>>>>>> OS is windows 2003 in AD environment. This configuration is done
>> >>>>>>>> on
>> >>>>>>>> the
>> >>>>>>>> server side:
>> >>>>>>>>
>> >>>>>>>> I have a folder called test under another folder called as
>> >>>>>>>> Documents.
>> >>>>>>>> Documents folder is
>> >>>>>>>> shared. I have given full permissions for everyone group since i
>> >>>>>>>> am
>> >>>>>>>> going to control the folder accesses via NTFS permissions. So
>> >>>>>>>> for
>> >>>>>>>> test
>> >>>>>>>> folder i have assigned the permissions
>> >>>>>>>> only for that particular group and adminstrator.
>> >>>>>>>>
>> >>>>>>>> When i login from client machine and check the permissons via
>> >>>>>>>> security
>> >>>>>>>> tab for any folder
>> >>>>>>>> under test folder i am able to change permissions from client
>> >>>>>>>> side
>> >>>>>>>> directly. I have tried
>> >>>>>>>> all sorts of combinations but to my surprise none worked. I dont
>> >>>>>>>> know
>> >>>>>>>> what is going wrong here.
>> >>>>>>>>
>> >>>>>>>> Any sort of inputs will be of great help. Thanks in advance.
>> >>>>>>>>
>> >>>>>>>> Thanks,
>> >>>>>>>>
>> >>>>>>>> Tornado.
>> >>>>>>>>
>> >>>>>>>
>> >>>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>
>> >>>>>
>> >>>>
>> >>>>
>> >>>
>> >>>
>> >>
>> >>
>> >
>> >
>>
>>
>>



Posted by Roger Abell [MVP] on April 1, 2006, 4:05 am
Please log in for more thread options
 For what it is worth Bill, I quite agree with you.
It can sometimes be virtually impossible to state something (addressing
the apparent level of a poster that does not drill into the Advanced
permissions tab in this case) simply and clearly at times while still
satisfying the 100% technically correct, detail laden reality.

Case in point - no one has mentioned files/folders that the non-admin
user of that share with a generic NTFS modify grant has created, where
certainly it is untrue that
> "Everyone - Full Control at the share level, and do not grant
> full control to non-administrators at the NTFS level, users should not be
> able to change permissions, unless you grant them "change permissions"
> rights which no one in their right mind would do anyway".

So now, the simple, correct, and appropriate response to the poster,
to paraphrase your first response, might need be

If you set "Everyone - Full Control" at the share level, and grant only, at
most, modify to non-administrators at the NTFS level, users should not be
able to change permissions (except on things they have created).

(of course we could not fall into argument over the use of "users" in that,
as it could be interpreted as inclusive of admin accounts, depending . . . )

Roger


"Bill" <it_professional_0812 at yahoo.com> wrote in message
> Allen-
>
> I guess for your sake I should have said "Everyone - Full Control at the
> share level, and do not grant
> full control to non-administrators at the NTFS level, users should not be
> able to change permissions, unless you grant them "change permissions"
> rights which no one in their right mind would do anyway".
>
> Want to know why it makes no sense to do what you are proposing? Because
> if you give someone the rights to change permissions, they can give
> themselves and everyone else "full control" anyway. You might as well
> just give them full control. There is no reason in the world to grant
> NTFS permissions like this. What you are saying, while technically
> correct, makes NO SENSE.
>
> My original statement, at face value, is not incorrect, unless you've gone
> into the advanced tab and tweaked the permissions as you describe, which
> rather foolish.
>
>
>> YOUR REVISED STATEMENT
>> If you have not granted any "special permissions", and the group does not
>> have full control, they cannot change NTFS permissions
>>
>> Now that statement is correct. I already knew that which is what I was
>> trying to let you know.
>>
>> YOUR FIRST STATEMENT:
>> If you set "Everyone - Full Control" at the share level, and do not grant
>> full control to non-administrators at the NTFS level, users should not be
>> able to change permissions
>>
>> SEE THE DIFFERENCE?
>>
>>
>> "Bill" <it_professional_0812 at yahoo.com> wrote in message
>>> Allen-
>>>
>>> If you have not granted any "special permissions", and the group does
>>> not have full control, they cannot change NTFS permissions.
>>>
>>>
>>>> That is not true. Reread your statement. "and do not grant full control
>>>> to non-administrators at the NTFS level, users should not be able to
>>>> change permissions"
>>>> This is not true because I would be able to change permissions without
>>>> granting FULL control by doing what I said. Perhaps you forgot to
>>>> include the "unless" at the end of your statement. Do a google search
>>>> on NTFS Folder/File permissions. They have some great articles you can
>>>> use to learn more about NTFS permissions.
>>>>
>>>> Now reread what I said.
>>>>
>>>> "YOU CAN ASSIGN ANY GROUP OR USER THE RIGHT TO "CHANGE PERMISSIONS"
>>>> WITHOUT
>>>> GIVING THEM FULL CONTROL OR MAKING THEM A MEMBER OF AN ADMINISTRATIVE
>>>> GROUP.
>>>>
>>>> But I'm not going to argue it any furthur as this does not help the
>>>> poster resolve his issues.
>>>>
>>>>
>>>>
>>>> "Bill" <it_professional_0812 at yahoo.com> wrote in message
>>>>> There is nothing incorrect about this statement: "If you set
>>>>> "Everyone - Full Control" at
>>>>> the share level, and do not grant full control to non-administrators
>>>>> at the
>>>>> NTFS level, users should not be able to change permissions."
>>>>>
>>>>> While it is true that you can assign special permissions to allow
>>>>> non-administrators to change permissions, if the group is not granted
>>>>> full control on the standard tab, they cannot change NTFS permissions,
>>>>> period.
>>>>>
>>>>>> Let me try to break this down to help better understand so that I may
>>>>>> provide some helpful input here.
>>>>>>
>>>>>> 1. "I have a folder called test under another folder called as
>>>>>> Documents. Documents folder is shared. I have given full permissions
>>>>>> for everyone group since i am
>>>>>> going to control the folder accesses via NTFS permissions."
>>>>>>
>>>>>> THIS IS CORRECT. WHENEVER YOU WANT TO SHARE A FOLDER IT IS GOOD
>>>>>> PRACTICE TO ASSIGN "EVERYONE" FULL ACCES AT THE SHARE LEVEL AND
>>>>>> RESTRICT FOLDER ACCESS USING NTFS FOLDER/FILE PERMISSIONS.
>>>>>>
>>>>>> 2. So for test folder i have assigned the permissions only for that
>>>>>> particular group and adminstrator.
>>>>>>
>>>>>> WHAT ARE THE PERMISSIONS YOU ASSIGNED TO THE ADMINISTRATORS AND THIS
>>>>>> PARTICULAR GROUP?
>>>>>>
>>>>>> 3. When i login from client machine and check the permissons via
>>>>>> security tab for any folder under test folder i am able to change
>>>>>> permissions from client side directly.
>>>>>>
>>>>>> WHO ARE YOU LOGGING IN AS?
>>>>>>
>>>>>> 4. I have tried all sorts of combinations but to my surprise none
>>>>>> worked. I dont know what is going wrong here.
>>>>>>
>>>>>> WHAT ARE THESE COMBINATIONS? i TAKE IT YOU ARE TRYING TO "NOT" ALLOW
>>>>>> THIS PARTICULAR GROUP THE RIGHT TO CHANGE PERMISSIONS? IS THIS A
>>>>>> CORRECT STATEMENT?
>>>>>>
>>>>>> 5. Bill's statement is incorrect. "If you set "Everyone - Full
>>>>>> Control" at the share level, and do not grant full control to
>>>>>> non-administrators at the NTFS level, users should not be able to
>>>>>> change permissions."
>>>>>>
>>>>>> YOU CAN ASSIGN ANY GROUP OR USER THE RIGHT TO "CHANGE PERMISSIONS"
>>>>>> WITHOUT GIVING THEM FULL CONTROL OR MAKING THEM A MEMBER OF AN
>>>>>> ADMINISTRATIVE GROUP. YOU CAN ASSIGN THEM "SPECIAL PERMISSIONS". IN
>>>>>> OTHER WORDS, FOR EXAMPLE, I CAN ASSIGN A GROUP OR USER READ/WRITE
>>>>>> ONLY AND GIVE THEM "SPECIAL PERMISSIONS" TO "CHANGE PERMISSIONS".
>>>>>> THIS CAN BE DONE FROM THE "ADVANCE" FEATURES.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Bill" <it_professional_0812 at yahoo.com> wrote in message
>>>>>>> I'll ask the dumb question - are you logging in as yourself, or as
>>>>>>> the "restricted" user?
>>>>>>>
>>>>>>> If you set "Everyone - Full Control" at the share level, and do not
>>>>>>> grant full control to non-administrators at the NTFS level, users
>>>>>>> should not be able to change permissions.
>>>>>>>
>>>>>>>> Hi group,
>>>>>>>>
>>>>>>>> Hope you can help me with this one. I dont know what am i doing
>>>>>>>> wrong.
>>>>>>>>
>>>>>>>> OS is windows 2003 in AD environment. This configuration is done on
>>>>>>>> the
>>>>>>>> server side:
>>>>>>>>
>>>>>>>> I have a folder called test under another folder called as
>>>>>>>> Documents.
>>>>>>>> Documents folder is
>>>>>>>> shared. I have given full permissions for everyone group since i am
>>>>>>>> going to control the folder accesses via NTFS permissions. So for
>>>>>>>> test
>>>>>>>> folder i have assigned the permissions
>>>>>>>> only for that particular group and adminstrator.
>>>>>>>>
>>>>>>>> When i login from client machine and check the permissons via
>>>>>>>> security
>>>>>>>> tab for any folder
>>>>>>>> under test folder i am able to change permissions from client side
>>>>>>>> directly. I have tried
>>>>>>>> all sorts of combinations but to my surprise none worked. I dont
>>>>>>>> know
>>>>>>>> what is going wrong here.
>>>>>>>>
>>>>>>>> Any sort of inputs will be of great help. Thanks in advance.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>> Tornado.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>



Posted by Roger Abell [MVP] on April 1, 2006, 3:51 am
Please log in for more thread options
> Let me try to break this down to help better understand so that I may
> provide some helpful input here.
>
> 1. "I have a folder called test under another folder called as Documents.
> Documents folder is shared. I have given full permissions for everyone
> group since i am
> going to control the folder accesses via NTFS permissions."
>
> THIS IS CORRECT. WHENEVER YOU WANT TO SHARE A FOLDER IT IS GOOD PRACTICE
> TO ASSIGN "EVERYONE" FULL ACCES AT THE SHARE LEVEL AND RESTRICT FOLDER
> ACCESS USING NTFS FOLDER/FILE PERMISSIONS.
>

Really sorry, as I have expressed my disagreement with this before,
but once more I feel need to express alternate view.

Setting Everyone Full for share-level permissions is saying "make
share permissions a no-op, let's just pretend it was not designed
into the OS and not use this" (a slight over-speak now that it is
possible to control whether Everyone does or does not include
anonymous).

That is NOT using layered security effectively.

People, not necessarily yourself, tend to forget that these are not
just redundant. Share level permissions control access through
the redirector, gating whether one can access the share or not
and then limiting the extent of that access. That is something quite
different from NTFS checks.

It can be all too easy to have mistaken permissioning show up
in NTFS. In the current generation this is not that uncommon,
due to ownership allowing creators to set permission to what
an admin had not intended to exist, or, due to moves within a
partition done without awareness of NTFS permissions impacts,
or, due to accidents in exlicit grants having priority over inherited
denies.

If one has not used share level permissions effectively, then these
"mistakes" are visible further (over network) than could have been
the case.



Posted by Steven L Umbach on March 31, 2006, 1:25 pm
Please log in for more thread options
Try creating a new test user that is only a regular user, make sure that
user is in a group that does not have full control or change permissions
ability to the folder, logon with that account and try again to see what
happens. Often when testing a couple problems can arise in that the user
that you are trying with is the owner of the folder, is also member of a
group that has more permissions [power user, server operator,
administrators, defined group] or the user's group membership was changed
but that user did not logoff and logon again so that his security token
reflects the change in group membership. The support tool whoami can show
the groups included in a users security token. --- Steve


> Hi group,
>
> Hope you can help me with this one. I dont know what am i doing wrong.
>
> OS is windows 2003 in AD environment. This configuration is done on the
> server side:
>
> I have a folder called test under another folder called as Documents.
> Documents folder is
> shared. I have given full permissions for everyone group since i am
> going to control the folder accesses via NTFS permissions. So for test
> folder i have assigned the permissions
> only for that particular group and adminstrator.
>
> When i login from client machine and check the permissons via security
> tab for any folder
> under test folder i am able to change permissions from client side
> directly. I have tried
> all sorts of combinations but to my surprise none worked. I dont know
> what is going wrong here.
>
> Any sort of inputs will be of great help. Thanks in advance.
>
> Thanks,
>
> Tornado.
>



Posted by Roger Abell [MVP] on April 1, 2006, 4:15 am
Please log in for more thread options
> Hi group,
>
> Hope you can help me with this one. I dont know what am i doing wrong.
>
> OS is windows 2003 in AD environment. This configuration is done on the
> server side:
>
> I have a folder called test under another folder called as Documents.
> Documents folder is
> shared. I have given full permissions for everyone group since i am
> going to control the folder accesses via NTFS permissions. So for test
> folder i have assigned the permissions
> only for that particular group and adminstrator.
>

as Allen asked, it would help if you had told us what permissions were given

> When i login from client machine and check the permissons via security
> tab for any folder
> under test folder i am able to change permissions from client side

and who created those folders under test and when ??
If you look at the permissons on test is there any grant, directly
or inherited, to Creator Owner ?
When you look at the permissions on these under test which you
can change, what permissions are there ???

> directly. I have tried
> all sorts of combinations but to my surprise none worked. I dont know
> what is going wrong here.
>
> Any sort of inputs will be of great help. Thanks in advance.
>

Make sure that you look at permissions not just with the initial
NTFS dialog, but also check with the Advance view, especially
if you notice Special in the initial dialog is not clear.
For example of the necessity of this, there is one current release
level version of Windows where, if you add a group in the initial,
generic, NTFS permissions dialog and check Full, but then reduce
the Full down to something less, the Permission to change permissions
and the Take ownership permission do not get removed, but are
left as a Special. All other versions do not show this at present,
including the Windows Server 2003 you state is in use here.

> Thanks,
>
> Tornado.
>



Similar ThreadsPosted
NTFS permission problem November 30, 2006, 3:57 pm
NTFS Permission April 21, 2006, 10:04 am
Share Permission vs NTFS July 18, 2006, 2:02 pm
ntfs special permission question September 1, 2006, 1:50 pm
Share folder and NTFS permission April 10, 2008, 6:47 pm
NTFS Rname VS. Delete Permission April 23, 2008, 1:36 am
Spontaneous permission changes-How?Why? September 23, 2005, 2:06 pm
Permission Issue September 28, 2005, 10:55 am
Adobe permission January 4, 2006, 2:03 pm
File Permission June 14, 2008, 5:36 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap