this post was submitted on 08 Jul 2024
640 points (96.9% liked)

Programmer Humor

32476 readers
698 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 4 months ago (1 children)

I'm a sysadmin and I work with Windows a lot.

The short version is that only the users granted permission to a given set of files can access those files. With NTFS permissions it's... Complicated. You can have explicit permission to a file, or implied permission via a group that you're a part of, or some combination of those things. You can also have read, but no write. You can have append but not create, you can have delete, but not list. It's a lot of very granular, very crazy permissions.

There's also deny permissions which overrule everything.

What has likely happened is that the posters user account doesn't have implied or explicit permission to the file, but if you sign in as an administrator, even if the administrator doesn't have permission to read/write/append/delete the file, the administrator has permission to take ownership of a file, and as owner, change the permissions of a file. Being owner doesn't mean you can open/read/write/append/delete anything, you can just change permissions and give yourself (or anyone else) permissions to the file.

Changing ownership is a right which, as far as I'm aware, cannot be revoked from admin level users. They can always change ownership. Owners of files cannot be denied the right to change the permissions of a file as far as I know. This will always result in some method by which administrative level accounts can recover access to files and folders.

In my experience, exceptions exist but are extremely rare (usually to do with kernel level stuff, and/or lockouts by security/AV software).

The poster might legally and physically own the device and all the data contained therein, and may have an administrative level account on that device, but the fact is, their NTFS permissions are not set to allow them access to the data. The post they're replying to is trying to let them know how to fix it by using an administrative level account and they're not tech-savvy enough to follow along.

I don't blame them. File permissions issues are challenging even for me, and I fully understand the problem.

[–] [email protected] 2 points 4 months ago (1 children)

Huh, having separate append permission is interesting. i didn't realize that was an option.

[–] [email protected] 2 points 4 months ago

Yep, there's actually quite a few more than what I mentioned, if you get into the advanced dialogs.

IMO, it's unnecessarily complicated, but given that NTFS is used for network file sharing in large companies, I get why it's so crazy. They probably demand those kinds of granular permissions.

I know Linux is a lot simpler. Just read/write/execute, and a single group, single owner, and a setting for "everyone else" kind of thing, which is generally sufficient for 90% of use cases.