My Problem: My app creates a folder with some files that it shares with other accounts. This works fine as long as the other accounts just update the existing files. But when they create new files, these are owned by that account and the sharing account (e.g. my app) has no access to them.
So my question is: Is there a way I can enforce that all files created in or copied to the shared folder are owned by the account that created the folder, or that account has at least r/w - access to that files (like SetGID on directories with Unix/Linux)
Thanks for your help.
Related
I've seen a lot of answers on copying files that use code to set a network share, with credentials, to copy to somewhere else. However I need a solution that will allow a user to copy from a network share they already have access for, to a local drive they don't have access to.
We run RDS servers and have locked down direct access to the local C:/ drive on the servers. We have been given a 3rd party program that needs to read data files that must be stored in a fixed path on the C:/ drive. These data files are updated once a month. Our users have read access but we do not want to give them direct write access to the root C:/ drive.
I need to write a piece of vb.net, or command line code in .bat file that will copy files to the Local C:/ whilst providing the details of a service account to provide the access.
As mentioned I've seen a lot about setting up a mapping to shared folder and passing creds, however we don't want to set the C:/ as mapped shared drive in this instance.
You don't want the user having access to the C Drive in general, is there any particular reason the permissions on the particular subfolder the files are going to can't have overriding permissions to allow writing to just that folder?
If that will not work, first thought that comes to mind is having a helper program that can be ran under a different user that does have that access. Set up an intermediate folder the user can write to, the program that they can launch drops the files into a folder they have access to. Helper program watches for files in the intermediate folder, moves them to where they need to be.
Set up would need to include adding a user that does have access to both locations, and then adding to task manager to launch the helper program under that other user at login.
Is there a way to create or set permissions on a Google Drive folder that allows users to create or upload files to the folder, but not create additional nested folders? Ultimately I would like users to be able to add files to folders, but not change the overall folder structure.
I've been able to set the role of the user for a folder:
https://developers.google.com/drive/api/v3/reference/permissions/create
However, once I give "writer" permission to a user they are able to both upload files and create folders.
https://developers.google.com/drive/api/v3/manage-sharing
Unfortunately, the permission and role functionality combined with the structure of Drive don't allow for the ability to allow users to upload and edit files without also allowing them to change the apparent folder structure of the Drive.
As stated on the Google Drive REST API Documentation about Permission structures in Drives, a file's permission consists of four parameters:
Permission Type (user/group/domain/anyone)
Email Address accociated with the permission
Domain that has access to the permission
Role
There are only 5 assignable roles for file permissions, as can been seen in this table:
Additionally, Google Drive doesn't use a file system, and in actual fact folders in Drive are just files with MIME Type application/vnd.google-apps.folder. You can see this by querying the MIME Type of a folder ID or on the Drive Supported MIME Types reference.
I'm trying to create a project structure that has a shared folder and a private folder. Everyone has access to the shared folder and everyone in the group has access to only their private folder. Whats the best way to do this ?
According to Google Drive Files and Folder Permission you can set the level of the availability of your files and folders.
Types, roles and values: how the permissions work
Lists of permissions are available for each file and folder in Drive.
Each permission specifies a type, role, and emailAddress or domain,
permitting a level of access to a file or folder. These values work
together to limit the access appropriately. The type limits access to
a set of users. The email address and domain fields specify which
users can have access. Finally, the role gives these users the ability
to do something to the file, like read it. When combined, these
properties define a complete permission.
recently I have created a share folder (in windows8) in my organization where everyone has to submit their work. But later I found some one deleting files of others.
From now onward I want keep an eye on the shared folder. Is there any way to save the logs in shared folders. I tried using windows event logs but I am not able to find what I want.Please some one help me.
Windows may log certain authentication events in the Security event-log, however this will only contain useful information if you used local user accounts and gave each person their own local user account (but if you did that, you could prevent them from deleting each others' files).
However Windows does not log SMB share file activity. The Shares list in MMC/Computer Management only lists currently active/open shares too.
All I can suggest is to avoid this from happening in future by either tightening security by creating user-accounts for each person and giving them their own shared directory which only they (and you) have write-access to. Another alternative is to have a program running in the background on your computer that monitors the shared folder for new files and when it detects a file has been placed it moves it away to an inaccessible directory elsewhere.
I have a shared folder in my network where a lot of users access and store their documents. I'm admin of this shared folder and I've denied delete permissions for all other users.
The problem starts when a user creates a new folder and tries to rename it.
Windows says "Access denied"
I'm assuming that this might be because I've denied delete permissions for that user.
(Since Rename=Delete+CreateFolderWithNewName)
Is there any way so that I can keep the delete permissions intact, and allow the user to rename his files/folders?
Or any other workarounds?
I'm using Windows Server 2008 and NTFS file system.
As suggested, you should look into the folder design / your setup.
A kind of Work around, is to give "Delete" and "Delete subfolders and files" rights to "CREATOR OWNER", then the creator of the file or folder is able to rename (and delete) his own files/folders.
Maybe you could Schedule a nightly powershell script (not privided) which takes ownership of all files and folders, to restrict owners from future renaming/deletion of files
If they creating in the shared folder it will inherit the permissions of the shared folder. You would need to break inheritance and allow delete permissions on the sub folder to achieve what you want.
There are two managable solutions if there are alot of folders created in the root.
Write a service/application to do that for you.
Create a series of folders (perhaps person/team based) in the folder, change the permissions on them and tell users to store files in there.