NTFS security permissions
1. Overview of NTFS permissions
1. By setting NTFS permissions, different users can be given different access rights
2. Users can access their resources only after the correct access rights are assigned
3. Set permissions to prevent resources from being tampered with or deleted
2. File system overview
A file system is a method of organizing files on external storage devices
Commonly used file systems:
• FAT (Windows)
• NTFS (Windows)
• EXT (common on Linux)
3. NTFS file system characteristics
- Improve disk read and write performance
- Reliability
  - Encrypted file system
  - Access control list (set permissions)
- Disk utilization
  - Compression
  - Disk quota
- Support a single file larger than 4G
4. Modify NTFS permissions
4.1. Cancel permission inheritance
Function: After canceling, you can modify the permission list at will.
Method: Right-click the folder, then Properties---Security---Advanced---remove the first check mark---select Copy
4.2. File and folder permissions
File permissions (permission: content)
- Full control: read, write, modify, and delete files, plus special permissions
- Modify
- Read and execute
- Read
- Write
- Special permissions
Folder permissions (permission: content)
- Full control: read, write, modify, and delete files and folders, plus special permissions
- Modify
- Read and execute
- List folder contents
- Read
- Write
- Special permissions
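Case:
Create a folder named jimi and set NTFS permissions on it so that user a can only read the files in the folder and cannot create new files in it, user b can only create new files in the jimi folder and cannot read files, and user c has full control.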
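One way to script the jimi case above with icacls from an elevated PowerShell prompt. This is an added example, not part of the original page; the path C:\jimi and the existence of local accounts a, b and c are assumptions.

```powershell
# Added example. Assumptions: run elevated; local accounts a, b and c already
# exist; C:\jimi is a constructed path for the folder in the case.
$path = 'C:\jimi'
New-Item -ItemType Directory -Path $path -Force | Out-Null

# 4.1: cancel inheritance and keep a copy of the inherited entries
# (the "Copy" choice in the Advanced Security dialog).
icacls $path /inheritance:d

# The copied entries typically still grant access to the built-in Users
# (S-1-5-32-545) and Authenticated Users (S-1-5-11) groups. a and b belong to
# those groups and group permissions accumulate, so these entries are removed;
# otherwise the restrictions below would have no effect.
# Well-known SIDs are used so the commands work on any display language.
foreach ($sid in '*S-1-5-32-545', '*S-1-5-11') {
    icacls $path /remove:g $sid
}

# (OI)(CI) makes each entry apply to the files and subfolders inside jimi.
# /grant:r replaces any earlier explicit grant for the same account.

# a: read only, so a cannot create files.
icacls $path /grant:r 'a:(OI)(CI)R'

# b: write only, so b can create files but cannot list or read them.
icacls $path /grant:r 'b:(OI)(CI)W'

# c: full control.
icacls $path /grant:r 'c:(OI)(CI)F'

# Review the result: only Administrators, SYSTEM, a, b and c should remain
# (plus any other entries that were inherited from the parent folder).
icacls $path
```

User b becomes the owner of every file it creates, and an owner can always change the permissions on its own files, so check ownership when auditing this folder.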
4.3. Permission accumulation
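When a user belongs to multiple groups at the same time, the permissions are cumulative!
Case:
User a belongs to both the IT group and the HR group. The IT group can read the jimi folder and the HR group can write to the jimi folder, so user a's final permissions are read and write.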
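4.4. Take ownership
Only the administrator has this permission by default!
Function: The owner of any folder can be changed to administrator.
Case:
User a has left the company, but the owner of the xxx folder is a. Because user a modified the permissions on the xxx folder, other users have no permissions on it at all. The administrator user now needs to reset the permissions on the xxx folder.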
4.5. The impact of file copying on permissions
After a file is copied, its permissions are overwritten by the permissions of the target folder.
- Copy within the same partition: overwritten
- Move within the same partition: unchanged
- Move to a different partition: overwritten
- Copy to a different partition: overwritten
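Chapter exercises:
1. Create a folder such that user tom can only create new files and user jack can only read and download files.
2. A regular user creates a file and sets its permissions without granting the administrator any permissions. After logging in, the administrator is able to delete the file successfully.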