Sunday, October 26, 2014

networking - NTFS permissions added from command line create protected root folder

I have 2 types of groups - read-only and read-write - with a number per folder:


GROUP1_RO
GROUP1_RW
GROUP2_RO
GROUP2_RW
(...)

I'd like to create a directory tree like this:


SHARE
|-MAIN_FOLDER1
| |-SUBFOLDERS
| |-FILES
|
|-MAIN_FOLDER2
| |-SUBFOLDERS
| |-FILES
|
|-MAIN_FOLDER3
(...)

Every group has access to its own MAIN_FOLDER*; the _RO group can only read files, but the _RW group can create folders and delete folders and files.

I want to protect MAIN_FOLDER* from being accidentally deleted by these _RW users.

The main goal is to create a set of batch/CLI commands that will prepare these folders one by one with accurate rights.

I tried to do this with icacls but I had problems with multiple rights (invalid parameters).


I did this manually by setting such rights:


a) Enter Properties > Security > Advanced > Edit...
b) Uncheck "Include inheritable permissions from this object's parent" and choose "Remove"
c) Add group GROUP1_RO ( RO ) and set permissions:
    + Allow (( This Folder, subfolders and files ))
        * Traverse folder / execute file
        * List folder / read data
        * Read attributes
        * Read extended attributes
        * Read permissions
    - Deny
        * Delete
e) Add group GROUP1_RW ( RW ) and set permissions:
    + Allow (( This Folder, subfolders and files ))
        * Full control
        - uncheck Take ownership
    - Deny
        * Delete

But setting all this manually for plenty of subfolders is painful.
Is there any way to set this up with icacls ( or something else ) for different groups?


Greetings & thanks,
Mike
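
One way to script steps b) to e) with icacls, as an added example that is not part of the original post. The share path D:\SHARE, the folder numbers 1 to 3 and the explicit Administrators/SYSTEM entries are assumptions. It grants Modify rather than "Full control minus Take ownership", because Change permissions would let _RW members remove the Deny entry, and it scopes Deny Delete to the main folder only so that subfolders and files stay deletable.

```batch
@echo off
rem Added example. D:\SHARE and the numbers 1-3 are constructed values.
setlocal
set "SHARE=D:\SHARE"

rem One pass per MAIN_FOLDERn / GROUPn_RO / GROUPn_RW triple.
for %%N in (1 2 3) do call :prepare %%N || exit /b 1
exit /b 0

:prepare
set "TARGET=%SHARE%\MAIN_FOLDER%1"
if not exist "%TARGET%" mkdir "%TARGET%"

rem Every Sid:perm argument is quoted so cmd.exe does not parse the parentheses.

rem Step b: remove inherited ACEs. Administrators (S-1-5-32-544) and SYSTEM
rem (S-1-5-18) are re-added explicitly so the folder stays manageable
rem (assumption, not in the question).
icacls "%TARGET%" /inheritance:r /grant:r "*S-1-5-32-544:(OI)(CI)F" "*S-1-5-18:(OI)(CI)F" || exit /b 1

rem Step c: RX covers traverse/execute, list/read data, read attributes,
rem read extended attributes and read permissions; (OI)(CI) means
rem "This folder, subfolders and files". The Deny has no inheritance flags,
rem so it applies to MAIN_FOLDERn itself only.
icacls "%TARGET%" /grant:r "GROUP%1_RO:(OI)(CI)RX" /deny "GROUP%1_RO:(DE)" || exit /b 1

rem Step e: Modify lets _RW create and delete subfolders and files but
rem not change permissions or take ownership. Deny Delete again on the
rem main folder only.
icacls "%TARGET%" /grant:r "GROUP%1_RW:(OI)(CI)M" /deny "GROUP%1_RW:(DE)" || exit /b 1

rem The groups must not hold "Delete subfolders and files" (DC) on %SHARE%,
rem which would permit deleting MAIN_FOLDERn despite the Deny entry.

rem Show the resulting ACL for review.
icacls "%TARGET%"
exit /b 0
```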
