How to allow File modify, but not delete?

S

sTeve

I'm sharing a folder on a Win2003 file server, and I'd like users in a
particular security group to be able to modify files that are in
subfolders of the the folder, but not be able to delete the files or
the subfolders.

Main Folder Read only
Subfolder Read Only
Data Folder Read and Modify existing Files

By isolating the inheritance, I've been able to get to the point where
I can do this, except after a user modifys a file, they are given full
rights to the file, and then they can delete it.

I've tried denying 'change permissions' and 'take ownership,' but that
had no effect.

Can anyone guide me through the steps to take to accomplish this?

Thank you,

Steve Shapiro
University of Oregon
 
S

Steven L Umbach

Modify permission for a file does allow a user to delete the file though
there are a lot of special permissions that you can look at to see if you
can do what you want without using modify. If the user truly has modify
permission to the file I am surprised you can keep them from deleting it.
After a user modifies a file they may become owner of that file and get
permissions that creator owner has which by default is full control. You can
change permissions on creator owner but the owner of a folder/file will
always be able to change permissions on folders/files they own assuming the
want to and know how to. The link below is for XP but applies to Windows
2000 also and you can read more about special permissions. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;308419
 
S

Steven L Umbach

You can but then you no longer have modify permissions if that is what he
really wants, otherwise he would want to give the users only
read/list/execute/write for files. Unfortunately some applications like
Office require that the user have modify permissions to edit the file
because Office creates a new file and deletes the original file when the
user saves it. After re reading his question he could at least use special
permissions to at least prevent users from deleting subfolders they do not
own by making sure they have only read/list/execute/write permissions for
"subfolders only" in special permissions. Confusing stuff.--- Steve
 
S

sTeve

Thanks, this explains alot (about how office creates a temp file, then
creates a new file (which obviously they have full rights to).

We decided to give them read only access to the files, and if they
have to change them, use another procedure.

thanx,

steve
 
B

Bob

Thanks, this explains alot (about how office creates a temp file, then
creates a new file (which obviously they have full rights to).

We decided to give them read only access to the files, and if they
have to change them, use another procedure.

thanx,

steve
Click to expand...


I think the theory is that "modify" access is essentially "delete"
access since with "modify" I can remove all the content of the file
and effectively accomplish the same thing as delete.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Need to Write but not Delete or Modify 1
NTFS modify but not delete 8
Can't delete file 3
File Security 1
NTFS Permissions - Sub-Folders 4
How to restrict access to just Files, not Folders 7
Deny users the right to delete folders/subfolders 2
Need Write rights NOT Change or Delete 2

Top