windows - What is "This folder only" permission propagating?

07
2014-07
  • AaronLS

    On a Windows network(no active directory), I can go to a local folder and under a folder select Properties->Security(tab)->Advanced(btn)->Change Permissions...(btn)->Add...(btn)->

    Select a user and in the "Permission Entry for *" window

    • Set a couple permission such as Traverse/List/Read
    • Apply to: This folder
    • False/Unchecked for "Apply these permission to objects..."

    I just want to add permissions for the current folder, and let other folders inherit those permissions(rather than explicitly setting those permissions on the child objects).

    However, when I click Ok or Apply, the "Setting security information on:" dialog comes up and it is enumerating all the child objects. What is it changing? Why is this operation enumerating everything? It should only be modifying the ACL of the current item!

    Also "Replace all child object permissions" is set to false for the folder I am modifying.

    • Answers
  • LPChip

    This is standard behavior. It will add the permissions you set to those folders, but marks them as child permissions.

    Go to a subfolder, and check its permissions, and you'll notice those permissions are greyed out (child permissions).

    If you want to have the child objects not have these permissions, you'll have to edit the first child folder and correct the permissions.

    Usually a network system administrator will suggest to have a subfolder with no childs created and apply the new rights to that folder, then move the files that should have these rights there. This way, any subfolder will have the same rights and you don't worry about child objects not having different access rights.

    Because if you deny a user to enter this directory, and you allow that user child directories, they will not be able to get there unless they manually enter that address. Only a person who knows that directory exists and how to manually get there will have access, something not many do. (which is why security settings are set to all child folders when changed, because it usually needs to have those permissions all the way down to the last child folder.


    • Related Question

    osx snow leopard - Terminal command to change permissions to my 'Sites' folder and apply change to enclosed items?
  • Ryan

    Using Snow Leopard, I'm having issues with permissions in my Sites folder. While I can navigate to localhost/~username and read any files or folders there, the same permissions have not been applied to enclosed items, and I get a 403 error trying to access them in the browser.

    If I select one of these enclosed folders and get info using Finder, I see the user 'Everyone' is set to 'No Access' but I can't change that (this behavior seems buggy, actually).

    And if I select my 'Sites' folder, the tool to 'Apply to enclosed items' is grayed out...

    Is there a Terminal command I can use to grant 'Read Only' access to my Sites folder, and all it contains, for the user 'Everyone'?


    • Related Answers
  • dmah

    Since OSX is BSD-ish, try

    chmod -R o+r Sites

    Your directories will need:

    chmod o+x [whatever directories]

    Without a Mac at hand, you might be able to do the above by:

    find Sites -type d -exec chmod o+x \{} \;

    which will find all of the directories under Sites and allow 'others' to enter the directory.