NTFS permissions equivalent to Linux “--x” (chmod 111)


I want to set permissions on folder so that restricted users can access file.txt (in folder): they have permission to read it by specifying the full path, but cannot list the contents of folder.

For example, on Linux, we can do this:

$ whoami
cychoi
$ mkdir folder && echo 'file content' > folder/file.txt
$ chmod 111 folder/
$ sudo ls -la folder/
total 12
d--x--x--x 2 cychoi cychoi 4096 Aug 18 21:52 .
drwx------ 3 cychoi cychoi 4096 Aug 18 21:52 ..
-rw------- 1 cychoi cychoi   13 Aug 18 21:52 file.txt
$ ls folder/
ls: cannot open directory folder/: Permission denied
$ cat folder/file.txt
file content
$

On Windows 7, I clear all permissions on folder except execute/traverse (Apply to "this folder only"). However, it cannot read the contents of file.txt, even when the full path is specified.

On the other hand, if read data/list directory is also set for folder, file.txt is read successfully, but the contents of folder are leaked to restricted users.

G:\ptest>whoami
user-pc\test

G:\ptest>runas /u:administrator "cmd /c icacls g:\ptest\folder\ /t & pause"
Enter the password for administrator:
Attempting to start cmd /c icacls g:\ptest\folder\ /t & pause as user "USER-PC\administrator" ...

g:\ptest\folder\ user-PC\test:(S,X)
                 BUILTIN\Administrators:(OI)(CI)(F)
                 NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                 user-PC\cychoi:(OI)(CI)(F)

g:\ptest\folder\file.txt user-PC\test:(F)
                         BUILTIN\Administrators:(I)(F)
                         NT AUTHORITY\SYSTEM:(I)(F)
                         user-PC\cychoi:(I)(F)

G:\ptest>dir
 Volume in drive G is ?????
 Volume Serial Number is DEAD-BEEF

 Directory of G:\ptest

18/08/2015  21:59              .
18/08/2015  21:59              ..
18/08/2015  21:59              folder
               0 File(s)              0 bytes
               3 Dir(s)   4,779,642,880 bytes free

G:\ptest>dir folder
 Volume in drive G is ?????
 Volume Serial Number is DEAD-BEEF

 Directory of G:\ptest\folder

File Not Found

G:\ptest>type folder\file.txt
Access is denied.

G:\ptest>runas /u:administrator "cmd /c icacls g:\ptest\folder\ /grant test:(rd) & pause"
Enter the password for administrator:
Attempting to start cmd /c icacls g:\ptest\folder\ /grant test:(rd) & pause as user "USER-PC\administrator" ...

G:\ptest>runas /u:administrator "cmd /c icacls g:\ptest\folder\ & pause"
Enter the password for administrator:
Attempting to start cmd /c icacls g:\ptest\folder\ & pause as user "USER-PC\administrator" ...


g:\ptest\folder\ user-PC\test:(S,RD,X)
                 BUILTIN\Administrators:(OI)(CI)(F)
                 NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                 user-PC\cychoi:(OI)(CI)(F)

G:\ptest>dir folder
 Volume in drive G is ?????
 Volume Serial Number is DEAD-BEEF

 Directory of G:\ptest\folder

18/08/2015  21:59              .
18/08/2015  21:59              ..
18/08/2015  21:59                12 file.txt
               1 File(s)             12 bytes
               2 Dir(s)   4,779,642,880 bytes free

G:\ptest>type folder\file.txt
file content
G:\ptest>

So, how can I get the same behavior as in the Linux example shown above?

    
by cychoi 18.08.2015 / 18:00

0 answers