I have 2 types of groups - read-only and read-write - with number per folder:
GROUP1_RO
GROUP1_RW
GROUP2_RO
GROUP2_RW
(...)
I'd like to create such directory tree:
SHARE
|-MAIN_FOLDER1
| |-SUBFOLDERS
| |-FILES
|
|-MAIN_FOLDER2
| |-SUBFOLDERS
| |-FILES
|
|-MAIN_FOLDER3
(...)
Every group has access to it's own MAIN_FOLDER* and group _RO can only read files but _RW can create folders, delete folders and files.
I want protect MAIN_FOLDERS* from being accidentally deleted by this _RW users.
Main goal is to create set of batch/cli commands that will prepare this folders one by one with accurate rights.
Tried to do this with icacls but i had problems with multiple rights ( invalid parameters ).
I did this manually by setting such rights:
a) Enter Properties > Security > Advanced > Edit...
b) Uncheck "Include inheritable permissions from this object's parent" and choose "Remove"
c) Add group GROUP1_RO ( RO ) and set permissions:
+ Allow (( This Folder, subfolders and files ))
* Traverse Folder / execute file
* List folder / read data
* Read attributes
* Read extendet attributes
* Read permissions
- Deny
* Delete
e) Add group GROUP1_RW ( RW ) and set permissions:
+ Allow (( This Folder, subfolders and files ))
* Full control
- uncheck Take ownership
- Deny
* Delete
But setting this all manually for plenty subfolders is painful.
Is there any way to setup this by icacls ( or something else ) with different groups?
Greetings & thanks,
Mike
No comments:
Post a Comment