• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

User and NTFS permission questions...

I

InlineFive

Diamond Member
I just noticed that the user "SYSTEM" has rights to all the files on the drive. Should this be so? I am experimenting with permissions on my machine and don't want to mess with anything too hard.

And the user "CREATOR OWNER" doesn't seem to have permissions to anything. However I see that it seems to give users who create files the ability to manage the permissions on their files. Is this correct? If I delete it can I restore it? Thanks!

Any snags I should know about?
 
The user "SYSTEM" is the local system account. If you have certain things running as system (say local services) and the system does not have access to the files it will fail. Generally speaking SYSTEM should have privilages to anything the local system security context would need to run.

CREATOR OWNER is a special set of privilages you can give that follows the ownership of a file; so if ownership of the files are transfered so goes the privilages. You'll frequently see this on larger networks where administrators will create a file share that users can only create directories, they will than give CREATOR OWNER privilage to work with the child objects. Effectivly users can go to a file share and create a new folder for themselves and have privilages to the folder they created but not to anyone elses. As mentioned an administrator can transfer ownership of files.
Any snags I should know about?
Click to expand...
I *hope* this isnt a production system you're messing with. Be careful because you can get yourself into all kinds of trouble if you set the wrong privilages in the wrong places...
 
Originally posted by: spyordie007
The user "SYSTEM" is the local system account. If you have certain things running as system (say local services) and the system does not have access to the files it will fail. Generally speaking SYSTEM should have privilages to anything the local system security context would need to run.

CREATOR OWNER is a special set of privilages you can give that follows the ownership of a file; so if ownership of the files are transfered so goes the privilages. You'll frequently see this on larger networks where administrators will create a file share that users can only create directories, they will than give CREATOR OWNER privilage to work with the child objects. Effectivly users can go to a file share and create a new folder for themselves and have privilages to the folder they created but not to anyone elses. As mentioned an administrator can transfer ownership of files.
Any snags I should know about?
Click to expand...
I *hope* this isnt a production system you're messing with. Be careful because you can get yourself into all kinds of trouble if you set the wrong privilages in the wrong places...
Click to expand...

It's my test rig. Don't worry about it. 🙂 Two more questions (sorry)

1. Is there a list of folders that should have SYSTEM access? And my AntiVirus starts using SYSTEM so theoretically should SYSTEM be able to access the entire drive? Can virus' start using SYSTEM?
2. How do I create CREATOR OWNER? Whenever I create it with no permissions (as is with the default it seems) it dissappears. Does this actually mean that CREATOR OWNER has no effect unless it has permissions?
 
1. Is there a list of folders that should have SYSTEM access? And my AntiVirus starts using SYSTEM so theoretically should SYSTEM be able to access the entire drive? Can virus' start using SYSTEM?
Click to expand...

SYSTEM should have rights to anything the OS should have rights to, there's no set rules other than the base things that come with the install. If your antivirus runs as SYSTEM you should probably give SYSTEM rights to anything you want the scanner to scan, whether the scanner deals with not being able to read things is up in the air.

2. How do I create CREATOR OWNER? Whenever I create it with no permissions (as is with the default it seems) it dissappears. Does this actually mean that CREATOR OWNER has no effect unless it has permissions?
Click to expand...

CREATER OWNER is more of an idea than a real account, when you setup something with CREATER OWNER rights any files created are owned by the user/group that created them and whatever rights are applied to CREATER OWNER are assigned to that user/group.
 
You must log in or register to reply here.
Back
Top