With regards to my other question where I'm having some trouble with accessing external hard drive NTFS partition, as part of a suggested solution the concept of modifying file permissions and ownership has been described.
I've heard the words before, and have some (vague) general idea of a concept, but can somebody explain still - what is file ownership and what are NTFS file permissions, and are there some default values that would enable the files to be read on all computers, regardless of their operating system and account privileges? And how would those ownership and permissions be cleared so the files are readable by all?
31 Answer
what is file ownership and what are NTFS file permissions
On Windows, some file systems such as NTFS support the notion of an owner and access control lists (ACLs).
An ACL consists of a number of Access Control Entries (ACEs). An ACE consists of:
- a user or group
- a set of capabilities
- a setting of Allow or Deny for the capability.
ACLs can be inherited. So you can set ACLs on a folder, and files within will inherit the folder's ACL.
When Windows is asked to do something to a file, it checks the asking user, and groups the user is a member of, against each ACE.
- If an ACE says to Deny, Windows denies the action.
- If an ACE says Allow, Windows allows the action.
- If no matching ACE is found, Windows denies the action.
- Deny takes precedence over Allow and you usually only want to use Deny in special situations, typically you want the lack of an ACE to prevent access.
I believe if the user is the owner of a file, then any action is allowed.
A good idea is to use groups for ACEs, then add or remove users to groups. This avoids you having to check potentially many files for individual user permissions.
Some notes:
- Typically by the term permissions, it's meant either just the ACLs or the ACLs + owner.
- FAT file systems do not support owners or ACLs
- Different objects other than files in Windows can have ACLs, such as printers, scheduled tasks, and registry entries. The capabilities will be different.
- NTFS keeps track of ACLs and the owner as part of the files metadata, which also contains things like the filename and attributes.
So how do you change or look at these? Right click a file or folder, select Properties, and go to the Security tab.
Changing permissions is a capability that is part of file ACLs, so for example it may be that only a user in the local Administrators group can change permissions of a folder.
are there some default values that would enable the files to be read on all computers
Windows has a couple of "built-in" groups. One of those is "Everyone". If you create an ACL for "Everyone", and give "Everyone" all capabilities, then everyone can do anything to the file or folder. Obviously, be careful with this. You may need to be Administrator to make this change.
In your situation you can also make "Everyone" the owner, or yourself the owner.
0
