1

Mac station mounts Windows Network Share using "MAC" user credentials:

enter image description here

NTFS permissions set to MAC user are these:

enter image description here

Share Permission of VMAX CLIPS are: Everyone > Control Total. In this case only NTFS should be taken into account as they more restrictive.

However I can still create folders and files from Mac in this share:

enter image description here

I can also delete folders and files I create. However I am not able to delete other content that was not created by me.

Windows and Mac are not in a domain.

Why I can create and delete folders in the share if NTFS permissions dont allow me to do it?

Okrx
  • 73
  • 1
  • 12
  • You need to click on 'Avançado' to see the inheritance and advanced permissions config. It's likely VSNVMAX01\Mac (or .\Users) has rights to create folders/files. Once you create a folder/file, you're the owner, so you have rights to modify/delete it by default. – jscott Oct 06 '17 at 18:08
  • You're totally right. If you want to you can publish it as an answer and will accept it. – Okrx Oct 07 '17 at 14:33

1 Answers1

1

Through some ACE, the user VSNVMAX01\Mac has, at least, create folder rights. It's possible this is an explicit entry or granted via a group membership such as the local Users group. Once VSNVMAX01\Mac creates a folder, they are the owner. An owner will have full rights to delete the newly created folder. As VSNVMAX01\Mac is not the owner of the folders they did not create, VSNVMAX01\Mac will not have access to modify these folders unless granted rights.

You can view the advanced permissions or use the Effective Access tool to see more details.

jscott
  • 24,484
  • 8
  • 79
  • 100