Hello,

I have a good understanding of NTFS permissions, but I have a bit of a head scratcher.

When I set special permissions on a file, so that I have the exact same set of advanced permissions as "Read & Execute", OTHER than "Read Permissions", I am unable to open a file.

If I tick the "Read Permissions" permission, so that it is now exactly the same as "Read & Execute", I can then open the file.

My question is, why do I, or any user, require the "Read Permissions" permission to just open a file. I am not attempting to look at the permissions of the file, so I wouldn't imagine this would be required.

If someone could clarify, it would be greatly appreciated.

Thanks, Eds

Read permissions are required to read the file, if you cant even read the ACL (the permissions of the file), of course you cant read the file (considering you cant read whether or not you have the rights to open the file). Or in other words, the request to open the file data is first validated against the ACL (NTFS Permissions). Only when the permissions pass does it proceed to open the file data. In this case, the operation is terminated when the ACL itself cannot even be opened. See Access Masks.

Ok thanks, that makes sense.

I thought that that particular permissions was purely used to restrict people being able to go to the security tab, and see the results of the ACL.

I hadn't appreciated that you as the user are reading permissions first, then determining whether your account is allowed to open the file. I thought the initial check would be handled by the system, and not be in your own security context.

Thanks for clarifying.

Eds