File Permissions from Windows

# File Permissions from Windows

### Windows Permissions

Modern Windows filesystems have considerable flexibility in specifying exactly who can do what to a given file or folder. As with Unix and Linux systems, the concepts of "owner", "group", and "everyone" (the world, or "other") are fairly simple and not difficult to understand. Likewise, the permissions for each of these groups can encompass read-only access, read/write access, and execute access.

What Windows filesystems also allow is adding permissions for individual users to a given file or folder. This is referred to as an Access Control List (or ACL), and dates back to the similarly named concept on the old VMS operating systems. An individual rule to allow someone enhanced access is referred to as an Access Control Entry or ACE. Note that Unix/Linux systems as currently deployed at NRAO do not have ACL or ACE support, though that is expected to change (and it's unclear at the time of writing whether the ACLs will be transparent from windows to Linux systems).

One key difference between Windows and Unix permissions is that on windows, files and directories, when created, inherit the permissions from their parent directory (folder). This is not the case for Unix or Linux; see below for more details. If you are working on the NetApp mixed mode file system, this is important (i.e, you'll probably want to create a sub-folder (subdirectory) from the windows side to make sure Windows permissions work correctly).

WARNING! You should never change the permissions of your top level home directory on cvfiler (\\cvfiler\users\{yourname}) via right clicking and choosing "properties" from the Windows file explorer. If you need or want to change permissions on your home directory, do it on a Unix or Linux system. Failure to follow this advice may lead to you losing e-mail and other undesirable things.

To find out about the permissions on a file or folder, use the explorer as shown in the example on the below: you get this menu by right-clicking on the file or folder (i.e., put the mouse pointer over the file name or icon, then depress and hold the right mouse button [or left, if you have set your mouse for left-handed use]). Then drag the mouse pointer down to the "Properties" item at the bottom, and release the mouse button.

This will bring up the dialog box shown below. Its purpose is to show all sorts of details or "properties" about the file or folder. Depending on whether the file is on a local or remotely shared system, and some other details, there will be one or more tabs at the top of the dialog box. If one of these says "Security" then you should click on it. If there isn't a security tab, then you are either looking at a filesystem or share that does not support advanced protection, or you have no permissions to even view such things (let alone change them).

If you get this far, you will now see the Security tab and its options revealed, perhaps something similar to that in the dialog box below. Press the "Permissions" button to bring up the next (and final!) dialog box.

Finally, we have the means to change permissions on this file! The example shown below is a rather insecure case, where everyone has full privileges to do anything to the file. A better scenario would be where "everyone" has read access, one or two groups may have read (and possibly write) access, and you (the owner) have read/write access to the file.

You can press the "Add" button to add an extra permission or Access Control Entry (ACE) to the Access Control List (ACL).