Thursday, January 20, 2011

Set Windows permissions to allow modify, but not execute.

Is it possible to set permissions on a folder in Windows (Server 2003 64-bit) so that an account can write and modify, but not execute?

If I set modify permissions, Windows seems to insist I also set execute permissions.

This seems like a common scenario to me, as a lot of the logging routines I encounter need to be able to rename or move (effectively delete) a log file to archive it (e.g., many programs create foo.log, and after 24 hours rename it to foo-[datestamp].log, and create a new foo.log for the subsequent day).

I know it's not a huge issue, but I'd be a happy bunny if the website accounts never had write and execute permissions on the same folder at the same time.

  • Read & Execute is a subset of Modify, so when Modify is allowed Read & Execute is, by definition, also allowed. See this table on TechNet for details.

    You can set the special permissions individually (and exclude Execute File) with the Advanced Security Settings window (click Advanced on the Security tab).

    From Phil Ross
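The same special-permission setup can be scripted and then checked. The following is an added example, not part of the original question or answer; it assumes PowerShell is installed on the server, and the function names, folder path and account name are placeholders.

```powershell
# Added example: grant Modify without "Traverse Folder / Execute File" and verify it.
function Set-ModifyNoExecute {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [Parameter(Mandatory=$true)][string]$Account   # e.g. 'DOMAIN\user'
    )
    # Modify with the ExecuteFile bit cleared. ExecuteFile and Traverse share the
    # same bit (0x20), so this also clears "Traverse Folder" on directories.
    $modify  = [int][System.Security.AccessControl.FileSystemRights]::Modify
    $execute = [int][System.Security.AccessControl.FileSystemRights]::ExecuteFile
    $rights  = [System.Security.AccessControl.FileSystemRights]($modify -band (-bnot $execute))

    # Apply to this folder, subfolders and files.
    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Account, $rights, $inherit, $propagate, 'Allow')

    $acl = Get-Acl -Path $Path
    $id  = New-Object System.Security.Principal.NTAccount($Account)
    $acl.PurgeAccessRules($id)      # drops explicit ACEs for the account; inherited ones stay
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Test-ExecuteGranted {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [Parameter(Mandatory=$true)][string]$Account
    )
    # ExecuteFile (0x20) plus the generic rights that imply it:
    # GENERIC_EXECUTE (0x20000000) and GENERIC_ALL (0x10000000).
    $mask = 0x20 -bor 0x20000000 -bor 0x10000000
    # Looks at explicit and inherited Allow ACEs that name the account directly.
    # ACEs for groups the account belongs to are not evaluated here.
    $hits = (Get-Acl -Path $Path).Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $mask)
    }
    return [bool]$hits
}

# Placeholder values, shown for illustration only:
# Set-ModifyNoExecute -Path 'D:\logs\site1' -Account 'EXAMPLE\site1-svc'
# Test-ExecuteGranted -Path 'D:\logs\site1' -Account 'EXAMPLE\site1-svc'   # expect False
```

If the check returns True after the grant, an inherited ACE on a parent folder still allows execute for that account and has to be changed at the parent or blocked from inheriting.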
