Shulou(Shulou.com)06/01 Report--

This article focuses on "the difference between sharing permissions and NTFS permissions". Interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn the difference between sharing permissions and NTFS permissions.

Share permission

There are three kinds of sharing permissions: full control, change, and read.

Share local security. In other words, he logs in with a different user name on the same computer and can have different access to the same folder on the hard drive.

Note: NTFS permissions work for users who access from the network and log in locally.

3. Connections and differences between sharing permissions and NTFS permissions

(1) sharing permissions are based on folders, that is to say, you can only set sharing permissions on folders, not files; NTFS permissions are based on files, which you can set either on folders or files.

(2) the sharing permission works only when the user accesses the shared folder through the network, and does not work if the user logs on to the computer locally; the NTFS permission will work regardless of whether the user uses the file through the network or local login, but it will work in conjunction with the sharing permission when the user accesses the file through the network, and the rule is to take the strictest permission setting.

(3) the sharing permission has nothing to do with the file operating system, as long as the share is set, the sharing permission can be applied; the NTFS permission must be a NTFS file system, otherwise it will not work.

There are only a few kinds of sharing permissions: read, change and full control; there are many kinds of NTFS permissions, such as read, write, execute, change, full control, etc. We can set it up in great detail.

4. Characteristics of share permissions and NTFS permissions:

(1) both share permissions and NTFS permissions are cumulative.

(2) both share permissions and NTFS permissions follow the "deny" permission over other permissions.

(3) when an account accesses a shared folder through the network, and the folder is on a NTFS partition, then the user's final permission is the strictest permission in its sharing and NTFS permissions on the folder.

What does NTFS permission do?

When a user tries to access a file or folder, the NTFS file system checks whether the account or group to which the account belongs is in the access control list (ACL) of the file or folder, further checks the access control entry (ACE), and then determines the user's final permissions based on the permissions in the control. If the account used by the user or the group to which the account belongs does not exist in the access control list, the user is denied access.

Rules for applying NTFS permissions:

1. Combination of permissions.

If a user is in two or more groups at the same time, and each group has different permissions on the same file, what permissions does the user have on the file?

To put it simply, when a user belongs to multiple groups, the user will get the cumulative permissions of each group, but once the corresponding permission of a group is denied, this permission of the user will also be denied.

For example:

Suppose there is a user U1, if U1 belongs to two groups An and B, group A has read permission to a file, group B has write permission to the file, and U1 itself has the permission to modify the file, then the final permission of U1 to this file is read + write + modify permission.

Assuming that U1 has write permission to the file, group A has read permission to the file, but group B denies read permission to the file, then U1 only has write permission to the file. There is a small problem here. U1 only has write permission for this document, but does not have read permission. So, is the write permission valid? The answer is obvious: U1 has invalid write access to this file, because how can I write if I can't read it? If you can't even get in the door, how can you move the furniture in?

2. Inheritance of permissions.

The newly created file or folder automatically inherits the NTFS permissions of the previous directory or drive, but the permissions inherited from the previous level cannot be directly modified, and other permissions can only be added on this basis. That is, you can't remove the tick on the permission (because it can't be removed for the time being), you can only add a new one. The gray box for the inherited permissions, can not be directly modified, the white box can be added permissions, of course, this is not absolute, as long as you have enough permissions, such as you are an administrator, you can also change the inherited permissions, or so that files no longer inherit the next level directory or drive NTFS permissions.

3. Refusal of authority

The right to refuse is the greatest. No matter what permissions are given to the account or group, as long as there is a check in the rejected column, then the denied permissions are absolutely valid.

4. The impact of move and copy operations on permissions

There are four situations in which files (folders) are moved and copied to the same or different partition. Just remember that the original permissions are retained only if you move to the same partition, otherwise you inherit the NTFS permissions of the destination folder or drive.

Share permissions:

There are only three types of sharing permissions: read, change, and full control. The default shared file setting permission for Windows Server 2003 is that Everyone users only have read permissions. The default shared file setting permission for Windows 2000 is that the Everyone user has full control.

The following explains the three permissions:

1. Read. Read permissions are the default permissions assigned to the Everyone group.

A, view the file name and subfolder name.

B. View the data in the file.

C, run the program file.

2. Change. Changing permissions is not the default permission for any group. Change permissions not only allow all read permissions, but also add the following permissions.

A, add files and subfolders.

B. Change the data in the file.

C. Delete subfolders and files.

3. Complete control. Full control permissions are the default permissions assigned to the Administrators group on this machine. Full control permissions not only allow all read and change permissions, but also have the right to change permissions.

As with NTFS permissions, if a user or user group is given a denied permission, that user or a member of that user group will not be able to perform the denied operation.

In Windows 2000, shared folders can be accessed by users with an empty password. However, shared folders in Windows Server 2003 cannot be accessed by users with an empty password.

The combination of share permissions and NTFS permissions:

Share permissions are only valid for users who access through the network, so sometimes you need to cooperate with NTFS permissions (if the partition is a FAT/FAT32 file system, you don't need to consider it) in order to strictly control user access. When a shared folder is set to share permissions and NTFS permissions, it will be controlled by two permissions.

If you want the user to have full control of the shared folder, first add this user (group) to the share permissions and set full control permissions. Then add this user (group) to the NTFS permission settings, and also set full control permissions. It is only when full control is set in both places that you finally have full control.

When users access a shared folder stored on the NTFS file system from the network, they are constrained by two permissions, and effective permissions are the strictest permissions (that is, the intersection of the two permissions). When the user accesses the folder directly from the local computer, it is not restricted by the sharing permission, but only by the NTFS permission.

Similarly, consider the conflict between the two permissions, for example, if the share permission is read-only and the NTFS permission is write, then the final permission is completely denied. This is because the combination of these two permissions is the intersection of the two permissions.

At this point, I believe you have a deeper understanding of the difference between "sharing permissions and NTFS permissions". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.