Why can a user delete a file despite the file's NTFS ACL disallowing deletion?
Applies to
- ONTAP 9
- NTFS
Answer
- The user has the Delete-Child permission on the parent folder of the file
    nas-cm911::*> show-effective-permissions -vserver fchen_11 -win-user-name fchen@nas-deep.local -path /vol1/folder1
      (vserver security file-directory show-effective-permissions)

                  Vserver: fchen_11
        Windows User Name: fchen@nas-deep.local
           Unix User Name: root
                File Path: /vol1/folder1
          CIFS Share Path: -
    Effective Permissions:
                           Effective File or Directory Permission: 0x1f01ff
                               Read
                               Write
                               Append
                               Read EA
                               Write EA
                               Execute
                               Delete Child
                               Read Attributes
                               Write Attributes
                               Delete
                               Read Control
                               Write DAC
                               Write Owner
                               Synchronize
- Consequently, NTFS rules allow the user to delete the file, even if the file's ACL disallows deletion
    nas-cm911::*> show-effective-permissions -vserver fchen_11 -win-user-name fchen@nas-deep.local -path /vol1/folder1/test.txt
      (vserver security file-directory show-effective-permissions)

                  Vserver: fchen_11
        Windows User Name: fchen@nas-deep.local
           Unix User Name: root
                File Path: /vol1/folder1/test.txt
          CIFS Share Path: -
    Effective Permissions:
                           Effective File or Directory Permission: 0x1e0080
                               Read Attributes
                               Read Control
                               Write DAC
                               Write Owner
                               Synchronize
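The delete decision can be checked directly from the two effective-permission masks. The following Python sketch is an added example, not NetApp code: it parses `show-effective-permissions` output, decodes each mask with the standard Windows access-mask bit values, and reports which right permits the delete. The function names are hypothetical and the sample input is trimmed from the two outputs in this article.

```python
import posixpath

# Standard Windows access-mask bits, labelled the way ONTAP prints them.
RIGHTS = {
    0x000001: "Read", 0x000002: "Write", 0x000004: "Append",
    0x000008: "Read EA", 0x000010: "Write EA", 0x000020: "Execute",
    0x000040: "Delete Child", 0x000080: "Read Attributes",
    0x000100: "Write Attributes", 0x010000: "Delete",
    0x020000: "Read Control", 0x040000: "Write DAC",
    0x080000: "Write Owner", 0x100000: "Synchronize",
}
DELETE, DELETE_CHILD = 0x010000, 0x000040

# Constructed sample: the article's two outputs, trimmed to the fields used here.
SAMPLE = """\
File Path: /vol1/folder1
Effective File or Directory Permission: 0x1f01ff
File Path: /vol1/folder1/test.txt
Effective File or Directory Permission: 0x1e0080
"""

def parse(text):
    """Map each 'File Path' to the effective permission mask that follows it."""
    masks, path = {}, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "File Path":
            path = value.strip()
        elif key.strip().endswith("Directory Permission") and path:
            masks[path] = int(value.strip(), 16)
    return masks

def decode(mask):
    """Names of the rights set in a mask, lowest bit first."""
    return [name for bit, name in sorted(RIGHTS.items()) if mask & bit]

def delete_verdict(path, masks):
    """Say whether `path` can be deleted and which right permits it."""
    if masks[path] & DELETE:
        return "allowed: Delete on the object itself"
    parent = posixpath.dirname(path)
    if masks.get(parent, 0) & DELETE_CHILD:
        return f"allowed: Delete Child on parent {parent}"
    return "denied"

if __name__ == "__main__":
    masks = parse(SAMPLE)
    print({p: decode(m) for p, m in masks.items()})
    print(delete_verdict("/vol1/folder1/test.txt", masks))
```

To stop the deletion, the parent folder's mask must lose the 0x40 (Delete Child) bit for that user; tightening only the file's ACL leaves the verdict unchanged.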
Additional Information
- NTFS Permissions : An Overview
- “Delete Subfolders and Files - Allows deleting contents within a folder, even without explicit Delete permission on those items”
- How to understand NTFS permissions within a Windows environment