Cougie Absent Member.
Absent Member.
979 views

Disable inherited right on a sub folder

I can't find an option to disable inherited right on a folder like I can on a Windows environment.

Say I have a folder structure:

Share\main\restricted.

Users in the Everyone group has full access to the main folder.

I create a new a new restricted folder under main and give the 'restricted' group access to the restricted folder.

But users in the Everyone group can still access the restricted folder based on inherited right.

Is this doable in the "OES rights" tab when I right click on the select properties on the folder?

Thanks.
Labels (2)
0 Likes
4 Replies
Knowledge Partner
Knowledge Partner

Re: Disable inherited right on a sub folder

It may depend on what you mean by 'full access'; Supervisor rights cannot
be blocked as I recall, but anything else can be via an IRF within the
filesystem. If you have any objects with too many rights to the Volume or
NCP Server objects, I believe that may imply Supervisor within the
filesystem, though having that for 'Everyone' seems unlikely for security
reasons.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Cougie Absent Member.
Absent Member.

Re: Disable inherited right on a sub folder

Hi. Thanks for you reply.

The users groups do have supervisor access. But I can change this if need be. Users only need read/write access.
I just need to be able to restrict a subfolder for read/write access to to a particular group. However this is achieved.

Eg on a Windows server:
-I browse to a subfolder
-Go to security properties
-Disable inheritence.
-And then give write access to specific groups which means restricting all other groups.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Disable inherited right on a sub folder

On 09/12/2018 10:56 PM, Cougie wrote:
>
> Hi. Thanks for you reply.
>
> The users groups do have supervisor access. But I can change this if
> need be. Users only need read/write access.


Do; if you give them too many rights, unless something has changed in the
past few years without my knowing (possible) you cannot block that.
Supervisor can be blocked within eDirectory, but it cannot (or at least
could not) within the filesystem itself.

Giving more rights than necessary violates the Least Privilege principle,
and ultimately causes all kinds of problems in the world. It's best if
you can give what is needed, and nothing more, to avoid bigger, not
necessarily limited to IT, problems.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Disable inherited right on a sub folder

In article <Cougie.8nis3c@no-mx.forums.microfocus.com>, Cougie wrote:
> -Disable inheritence.


This is just one of the things that shows now opposite of good security
processes that Microsoft designed their NTFS file system rights back in
the 90's and now we are stuck with them and the warped mindsets it
causes. I still find is so hard to set up a Windows file share because
of have to start with the whole 'drop pants' path of let anyone write
as the first step.
90's Microsoft path was to let anyone do anything from anywhere, which
of course caused more than a few issues. This is one reason they are
building a very different mindset for storing files just to escape this
legacy.

NSS was designed with the best practical of only allowing what is
expressly granted with a natural flow down of rights. So it is hard
to easily map methods between the two. When you want to block rights,
that is when you explicitly set the IRFs AFTER making sure someone key
has the right rights within those folders.



Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
https://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!

___
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.