Folder ACL Inheritance Problem

[Paul Jenkins]

I have two folders on my server (let's say folder 1 and folder 2). Folder 2
happens to be a sub-folder of an FTP virtual folder. A script runs every
night to move the file from folder 1 to folder 2 (under the context of local
administrator). Folder 1's permissions permit users X, Y, and Z various
rights, and local Administrators and system FULL permissions on that folder.
On folder 2 on the other hand, users A, B, and C have various rights, along
with local Administrators and system who have FULL permissions on that
folder. Users X, Y, and Z are not explicitly listed on folder 2 with any
rights. The problem is that when the file get's moved to folder 2, it
brings with it the user X, Y, and Z permissions (which I don't want), and
furthermore user C has no rights on the file (even though user C has
permissions defined on folder 2, and folder 2 is set to inherit from it's
parent FTP folder, where user C also has rights). What would cause user C
to have no permissions on the moved file, even though user C has permissions
on folder 2 and the parent FTP folder?

PJ

 

[Dale Weiss]

Hello,

Are the two folders on the same volume? If so, the explanation is in this
article:

310316 How Permissions Are Handled When You Copy and Move Files and Folders
http://kb/article.asp?id=Q310316

By default, an object inherits permissions from its parent object, either
at the time of creation or when it is copied or moved to its parent
folder.
The only exception to this rule occurs when you move an object to a
different folder on the same volume. In this case, the original permissions
are retained.



Dale Weiss MCSA MCSE CISSP
PSS Security

This posting is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer. Use of included script samples are subject
to the terms
specified at http://www.microsoft.com/info/cpyright.htm