Access rights - the owner can do anything
Are the dog and cat user access rights to the file (they are members of the group and do not belong to any other groups)?
If you think that the same, then it is worth reading this article to the end. They have different rights!
')
The reason is that according to the Windows concept of discretionary access control (DAC), the owner has the right to read and change permissions. And even an explicit prohibition for the account does not take precedence over the rights of the owner.
This behavior can be at odds with the policy of access to resources and lead to undesirable or erroneous changes in access rights.
In Windows Vista and Windows Server 2008, the Owner Rights account was introduced.
The ban on reading and changing permissions for this account takes precedence over owner rights.
However, the use of this feature should be treated with caution, since it is possible that you will lose the ability to change its rights by designating yourself as the owner of the resource. Such changes are reversible, the administrator account under no circumstances can lose the ability to control permissions.
If you think that the same, then it is worth reading this article to the end. They have different rights!
')
The reason is that according to the Windows concept of discretionary access control (DAC), the owner has the right to read and change permissions. And even an explicit prohibition for the account does not take precedence over the rights of the owner.
This behavior can be at odds with the policy of access to resources and lead to undesirable or erroneous changes in access rights.
In Windows Vista and Windows Server 2008, the Owner Rights account was introduced.
The ban on reading and changing permissions for this account takes precedence over owner rights.
However, the use of this feature should be treated with caution, since it is possible that you will lose the ability to change its rights by designating yourself as the owner of the resource. Such changes are reversible, the administrator account under no circumstances can lose the ability to control permissions.
Source: https://habr.com/ru/post/260923/
All Articles