Desejo definir folder
com permissões de modo que os usuários restritos possam acessar file.txt
(em folder
), eles têm permissões para ler especificando o caminho completo, mas não podem listar o conteúdo de folder
.
Por exemplo, no Linux, podemos fazer assim:
$ whoami
cychoi
$ mkdir folder && echo 'file content' > folder/file.txt
$ chmod 111 folder/
$ sudo ls -la folder/
total 12
d--x--x--x 2 cychoi cychoi 4096 Aug 18 21:52 .
drwx------ 3 cychoi cychoi 4096 Aug 18 21:52 ..
-rw------- 1 cychoi cychoi 13 Aug 18 21:52 file.txt
$ ls folder/
ls: cannot open directory folder/: Permission denied
$ cat folder/file.txt
file content
$
No Windows 7, limpo todas as permissões de folder
, exceto execute/traverse
(Aplicar a "somente esta pasta"). No entanto, ele não consegue ler o conteúdo de file.txt
, mesmo que o caminho completo seja especificado.
Por outro lado, se read data/list directory
também estiver definido para folder
, file.txt
será lido com sucesso, mas folder
conteúdo será vazado para usuários restritos.
G:\ptest>whoami user-pc\test G:\ptest>runas /u:administrator "cmd /c icacls g:\ptest\folder\ /t & pause" Enter the password for administrator: Attempting to start cmd /c icacls g:\ptest\folder\ /t & pause as user "USER-PC\administrator" ... g:\ptest\folder\ user-PC\test:(S,X) BUILTIN\Administrators:(OI)(CI)(F) NT AUTHORITY\SYSTEM:(OI)(CI)(F) user-PC\cychoi:(OI)(CI)(F) g:\ptest\folder\file.txt user-PC\test:(F) BUILTIN\Administrators:(I)(F) NT AUTHORITY\SYSTEM:(I)(F) user-PC\cychoi:(I)(F) G:\ptest>dir Volume in drive G is ????? Volume Serial Number is DEAD-BEEF Directory of G:\ptest 18/08/2015 21:59 . 18/08/2015 21:59 .. 18/08/2015 21:59 folder 0 File(s) 0 bytes 3 Dir(s) 4,779,642,880 bytes free G:\ptest>dir folder Volume in drive G is ????? Volume Serial Number is DEAD-BEEF Directory of G:\ptest\folder File Not Found G:\ptest>type folder\file.txt Access is denied. G:\ptest>runas /u:administrator "cmd /c icacls g:\ptest\folder\ /grant test:(rd) & pause" Enter the password for administrator: Attempting to start cmd /c icacls g:\ptest\folder\ /grant test:(rd) & pause as user "USER-PC\administrator" ... G:\ptest>runas /u:administrator "cmd /c icacls g:\ptest\folder\ & pause" Enter the password for administrator: Attempting to start cmd /c icacls g:\ptest\folder\ & pause as user "USER-PC\administrator" ... g:\ptest\folder\ user-PC\test:(S,RD,X) BUILTIN\Administrators:(OI)(CI)(F) NT AUTHORITY\SYSTEM:(OI)(CI)(F) user-PC\cychoi:(OI)(CI)(F) G:\ptest>dir folder Volume in drive G is ????? Volume Serial Number is DEAD-BEEF Directory of G:\ptest\folder 18/08/2015 21:59 . 18/08/2015 21:59 .. 18/08/2015 21:59 12 file.txt 1 File(s) 12 bytes 2 Dir(s) 4,779,642,880 bytes free G:\ptest>type folder\file.txt file content G:\ptest>
Então, como posso obter o mesmo comportamento que no exemplo do Linux mostrado acima?
Tags ntfs file-permissions