Discretionary access control list (DACL) – a list of security principals; each has permissions that define access to an object
Access control entry (ACE) – an entry in a discretionary access control list
Object owner – usually the user account that created the object or a group or user who has been assigned ownership of the object
System access control list (SACL) – a file system component that defines the settings for auditing access to an object
Permission: Share and NTFS
The share permission is for the legacy FAT volume.
When share permission and NTFS permission collide, the more restricted one wins. So to reduce administrative effort, we can give full control on share permission and just tune the NTFS permission as required on a NTFS volume.
Rules to keep in mind when copying or moving files and folders within or between volumes:
- A file or folder copied within the same NTFS volume or to a different NTFS volume inherits permissions from the destination folder.
- A file or folder moved within the same NTFS volume retains its original permissions.
- A file or folder moved to a different NTFS volume inherits the destination folder’s permissions.
- A file or folder moved from a FAT or FAT32 volume to an NTFS volume inherits the destination folder’s permissions
- A file or folder moved or copied from an NTFS volume to a FAT or FAT32 volume loses all permission settings because FAT/FAT32 volumes don’t support permissions