Server Administration - Permissions
In a Nutshell - CIW Course Section 3, Part A2, Chapter 2
Permissions Overview
In it's simplest form permissions allow a user to perform a specific task. Local permissions apply to users logged on to a particular workstation, share-level permissions apply to users accessing a resource over the network. Basic file permissions are read, write, execute and print. The read permission allows a user to open a file. The write permission allows the user to create, modify or delete a file. The execute permission allows the user to run a program file. The print permission allows a file to be sent to a printer.
A user who creates a file becomes the file owner and will, by default, have full permissions on that file. Full permissions are granted to the root user in Unix and to the Administrator user in Windows.
Access Permissions: Windows 2000
Access permissions in Windows 2000 apply only across a network and control the privilege a user has to a network resource.
- Full Control
- Change
- Read
- No Access
Only the No Access really needs further clarification, this denies all access to a file by this user.
NTFS permissions apply only to a system that has the hard disk formatted with an NTFS partition. These provide more precise control over what rights a user has to a resource.
- (r) Read
- (w) Write
- (x) Execute
- (d) Delete
- (p) Change permission
- (o) Take Ownership
- Read & Execute
- List Folder Contents
Read & Execute allows a file to be viewed and run but allows no other action. Without the List Folder Contents files may not be seen on the disk or across the network.
Unix Permissions
The main permissions in Unix are read, write and execute which are similar in meaning to the universal permissions. These permissions apply to the user, the group and others respectively.
|
drwxr-xr-- |
In the above example the first character "d" indicates that this is a directory if it was a file, the first character would be "-". he next three characters show that the user has read, write and execute permissions. The next three characters show that the group members have read and execute permission, but not write. Finally, the last three characters indicate that all other users have only read permission.
Netware Rights
Netware rights are very specific to the Novell file system. They may look like other file system rights but, there are subtle differences.
- Read
- Write
- Create
- Erase
- Modify
- File Scan
- Access Control
- Supervisor
Read enables the file to be opened but without File Scan it cannot be viewed in a directory listing. Write permission will let you modify the file content but not the file name of other file attributes, to do this you will also need the modify privilege, Write permission does not confer create or delete permissions these should be granted explicitly. The Access Control permission allows the user to grant privileges to other users.