Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Ansgar -59cobalt- Wiechers (bugtraqplanetcobalt.net)
Date: Wed Sep 05 2007 - 06:26:49 CDT
On 2007-09-04 Megan Kielman wrote:
> Ansgar/Geekwench -
> I believe that both of you have misunderstood the original question.
You believe wrong.
> The OP specifically asked what would happen if the Create
> Folders/Append Data & Create Files/Write Data permission were removed
> because he ONLY wants to provide Read and Execute permission to that
> directory. I followed his question with another question about why
> when Read and Execute, List Folder Contents, and Read are granted,
> there is a "special" permission" allowing users to Create
> Folders/Append Data and Create Files/Write Data.
To repeat myself: there isn't. Read permissions do NOT include (nor do
they imply) the special permissions "Create Files/Write Data" or "Create
> You both keep mentioning that Create Folders/Append Data & Create
> Files/Write data is needed so users can do their work
Which is why this set of permissions is the DEFAULT for newly created
volumes. You can change permissions from there.
> but in my experiences there are many cases where users only need to
> read for certain directories.
So? If that's all they need then grant them only that.
> Is there some functional reason why read only on directories is not
> sufficient? Is it temp files, as The OP asked earlier?
Nobody ever said read permissions were not sufficient for read-only
access. You keep misreading what's been said in this thread. All I've
been saying is that removing the special permissions MAY cause problems
(e.g. in situations where opening a file results in creation of a
temporary file in the same directory). It's up to the OP to decide if he
can live with these issues, or if they're issues for him in the first
"All vulnerabilities deserve a public fear period prior to patches
--Jason Coombs on Bugtraq