Windows Thread, CREATOR OWNER entry in NTFS Security in Technical; I'm happy with NTFS permissions in general - combining permissions, inheritance, allow vs deny, inherited vs explicit, behaviour when copying ...
16th September 2010, 08:30 PM #1
CREATOR OWNER entry in NTFS Security
I'm happy with NTFS permissions in general - combining permissions, inheritance, allow vs deny, inherited vs explicit, behaviour when copying or moving files etc., but I just can't get my head around CREATOR OWNER.
I have XP Pro SP3 as a standalone. I can see a CREATOR OWNER entry in Security for some folders (such as c:\, c:\windows, c:\windows\system32) but not others (such as c:\documents and settings\MyUserName). I haven't seen a CREATOR OWNER entry in Security for any system or user-created files. This is the same whether I view the properties as myself or from the Administrator account.
I'm really confused - I know that the account that creates a file/folder is the initial owner and that ownership can be transferred to another user (if allowed to "Take Ownership"). Why do only some folders have the CREATOR OWNER entry and why don't files have the entry?
Finally, I suspect that it might not be of relevance in every day administration, but I'm studying for exams ... so I'll HAVE to understand!
Thanks for your time and patience.
16th September 2010, 09:53 PM #2
It can be very relevant e.g. I use on the parent folders for user profiles and home folders (the user folders under there are created by the OS at first logon)
Folder permissions tell the OS what permission to put on files and folders created within it. If it were Creator-owner:Modify, then when Alice creates a file in the folder that file will get given Alice:Modify rights. Bob would get Bob:Modify on files he creates and so on...
You might do something like this in a shared folder: Creator-owner:Modify, Everyone:Read. I could then put some lovingly written document in there, everyone could read it but they wouldn't be able to edit it and mess it up - I'm the only one allowed to mess it up!
It can get more complex than that in RL, but this is the basic concept.
2 Thanks to PiqueABoo:
Ignatius (17th September 2010), sjatkn (18th September 2010)
17th September 2010, 06:55 PM #3
Thank you for the responses. As soon as I read them, I had a "Doh!" moment. I've read the book several times and the part which deals with CREATOR OWNER just isn't written clearly. It might just have been written in Swahili. As soon as I read the comments above, the light went on.
A follow up though, about what happens "under the hood":
Does the CREATOR OWNER entry in the shared folder properties have a SID associated with it? I assume that, when Alice and Bob create their files or folders in the shared folder and the CREATOR OWNER permissions are inherited to the newly-created files or folders, the CREATOR OWNER SID (if it exists), is replaced by Alice's or Bob's SID?
17th September 2010, 08:54 PM #4
Hmm - now I'm confused! It'll be a few days before I can test it on a server. I just tried something on my stand alone XP Pro though ...
I created a NewFolder on my Limited User Desktop, disabled inheritance of permissions into it and added CREATOR OWNER: Modify. I logged on as Administrator and created test.txt in the NewFolder. I logged on as the Limited User and examined the permissions of test.txt. Administrator was present with Read and Read & Execute, but the was no CREATOR OWNER entry. I didn't expect a CREATOR OWNER entry as it's a file, rather than a folder. The Administrator: Read and Read & Execute were inherited from the containing folder's CREATOR OWNER: Modify and the owner was, as expected, Administrator.
I think that the confusion is in the terminology. There's a CREATOR OWNER entry (it's always in capitals) and there's the file or folder owner, as displayed via Properties > Advanced > Owner.
18th September 2010, 03:43 PM #5
NetworkAdminKB.com is down, though I've seen the document via google cache. It looks like there are a number of other interesting articles there so I hope that they manage to get it all working soon.
22nd September 2010, 06:35 AM #6
- Rep Power
Just as an FYI, if you take/change ownership of a file or folder, I don't believe it changes the creator/owner permission values to the new owner.
22nd September 2010, 05:29 PM #7
Yes, that's as I understand it too.
Originally Posted by Seker
22nd September 2010, 11:09 PM #8
I think it's like this: When Administrator takes ownership of a file the creator owner does become "Administrator", but the system adds new permissions to the security descriptor for file so the original owner still has the same access they used to have.
PS: Having just played for a few mins, sometimes it it definitely "like this" and sometimes it apparently isn't... can't figure out the trigger one way or another, possibly depends on what existing permissions the new owner already had. My head hurts now.
Last edited by PiqueABoo; 22nd September 2010 at 11:54 PM.
By imiddleton25 in forum Office Software
Last Post: 25th August 2010, 01:06 PM
By aaronjwilkinson in forum Windows Server 2000/2003
Last Post: 3rd June 2010, 05:33 PM
By madcyryl in forum Scripts
Last Post: 16th June 2009, 04:31 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)