Desejo definir folder com permissões de modo que os usuários restritos possam acessar file.txt (em folder ), eles têm permissões para ler especificando o caminho completo, mas não podem listar o conteúdo de folder .
Por exemplo, no Linux, podemos fazer assim:
$ whoami
cychoi
$ mkdir folder && echo 'file content' > folder/file.txt
$ chmod 111 folder/
$ sudo ls -la folder/
total 12
d--x--x--x 2 cychoi cychoi 4096 Aug 18 21:52 .
drwx------ 3 cychoi cychoi 4096 Aug 18 21:52 ..
-rw------- 1 cychoi cychoi 13 Aug 18 21:52 file.txt
$ ls folder/
ls: cannot open directory folder/: Permission denied
$ cat folder/file.txt
file content
$
No Windows 7, limpo todas as permissões de folder , exceto execute/traverse (Aplicar a "somente esta pasta"). No entanto, ele não consegue ler o conteúdo de file.txt , mesmo que o caminho completo seja especificado.
Por outro lado, se read data/list directory também estiver definido para folder , file.txt será lido com sucesso, mas folder conteúdo será vazado para usuários restritos.
G:\ptest>whoami
user-pc\test
G:\ptest>runas /u:administrator "cmd /c icacls g:\ptest\folder\ /t & pause"
Enter the password for administrator:
Attempting to start cmd /c icacls g:\ptest\folder\ /t & pause as user "USER-PC\administrator" ...
g:\ptest\folder\ user-PC\test:(S,X)
BUILTIN\Administrators:(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(F)
user-PC\cychoi:(OI)(CI)(F)
g:\ptest\folder\file.txt user-PC\test:(F)
BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
user-PC\cychoi:(I)(F)
G:\ptest>dir
Volume in drive G is ?????
Volume Serial Number is DEAD-BEEF
Directory of G:\ptest
18/08/2015 21:59 .
18/08/2015 21:59 ..
18/08/2015 21:59 folder
0 File(s) 0 bytes
3 Dir(s) 4,779,642,880 bytes free
G:\ptest>dir folder
Volume in drive G is ?????
Volume Serial Number is DEAD-BEEF
Directory of G:\ptest\folder
File Not Found
G:\ptest>type folder\file.txt
Access is denied.
G:\ptest>runas /u:administrator "cmd /c icacls g:\ptest\folder\ /grant test:(rd) & pause"
Enter the password for administrator:
Attempting to start cmd /c icacls g:\ptest\folder\ /grant test:(rd) & pause as user "USER-PC\administrator" ...
G:\ptest>runas /u:administrator "cmd /c icacls g:\ptest\folder\ & pause"
Enter the password for administrator:
Attempting to start cmd /c icacls g:\ptest\folder\ & pause as user "USER-PC\administrator" ...
g:\ptest\folder\ user-PC\test:(S,RD,X)
BUILTIN\Administrators:(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(F)
user-PC\cychoi:(OI)(CI)(F)
G:\ptest>dir folder
Volume in drive G is ?????
Volume Serial Number is DEAD-BEEF
Directory of G:\ptest\folder
18/08/2015 21:59 .
18/08/2015 21:59 ..
18/08/2015 21:59 12 file.txt
1 File(s) 12 bytes
2 Dir(s) 4,779,642,880 bytes free
G:\ptest>type folder\file.txt
file content
G:\ptest>
Então, como posso obter o mesmo comportamento que no exemplo do Linux mostrado acima?
Tags ntfs file-permissions