I'm working in IT at a biopharma lab, and I need users to have write access to a folder but without the ability to delete, rename, or edit the .txt files inside. I've managed to stop them from deleting or renaming files, but users can still overwrite existing files. Here's what I've set up with the NTFS permissions:
**Allow:**
- Traverse folder/execute file
- List folder
- Read attributes
- Read extended attributes
- Create files/write data
- Create folders/append data
- Write attributes
- Write extended attributes
- Read permissions
**Deny:**
- Delete subfolders and files
- Delete
- Change permissions
- Take ownership
Any ideas on how to achieve this? Thanks!
3 Answers
Have you thought about using a document management system? If your budget allows for it, systems like SharePoint or O365 could help manage file permissions better.
It sounds like you're looking for a WORM setup (Write Once Read Many). This would let users write files but prevent any modifications or deletions until a specified time. You might want to check out options like NetApp Snaplock, which locks files until an expiration date. Be cautious about how you implement this, as auditors might find loopholes in your setup, and that could lead to complications.
To fix the issue, try removing the append permission. I've set this up before with two different groups. One group has just the ability to list and create files, and the other can create, list, and append. Also, you really don’t need those explicit deny permissions; they complicate things unnecessarily.
Totally agree. Just using allow permissions tends to be cleaner.
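An allow-only layout along the lines of the last answer, as an added PowerShell example that is not from any of the posters. It relies on "Create files" on a folder and "Write data" on a file being the same access bit, so the create right is applied to the folder only while files inherit read access; `$Folder` and `LAB\LabUsers` are placeholder values, and the script is assumed to run elevated.

```powershell
# Added example: create-but-not-overwrite folder ACL. Placeholder path and group.
$Folder = 'D:\LabData\Results'
$Group  = [System.Security.Principal.NTAccount]'LAB\LabUsers'
$Admins = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'  # BUILTIN\Administrators
$System = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'      # NT AUTHORITY\SYSTEM
$Owner  = [System.Security.Principal.SecurityIdentifier]'S-1-3-4'       # OWNER RIGHTS

function New-AllowRule {
    param(
        [System.Security.Principal.IdentityReference]$Identity,
        [System.Security.AccessControl.FileSystemRights]$Rights,
        [System.Security.AccessControl.InheritanceFlags]$Inherit,
        [System.Security.AccessControl.PropagationFlags]$Propagate
    )
    [System.Security.AccessControl.FileSystemAccessRule]::new(
        $Identity, $Rights, $Inherit, $Propagate,
        [System.Security.AccessControl.AccessControlType]::Allow)
}

$acl = Get-Acl -Path $Folder
$acl.SetAccessRuleProtection($true, $false)  # stop inheriting; discard inherited entries
$acl.PurgeAccessRules($Group)                # drop the group's old explicit allow and deny entries

$rules = @(
    # Administration keeps full control of the folder and everything below it.
    (New-AllowRule $Admins 'FullControl' 'ContainerInherit, ObjectInherit' 'None'),
    (New-AllowRule $System 'FullControl' 'ContainerInherit, ObjectInherit' 'None'),
    # This folder only: list it and create files in it. Not inherited, so the
    # shared bit never becomes "Write data" on a file. No append, no delete.
    (New-AllowRule $Group 'CreateFiles, ListDirectory, Traverse, ReadAttributes, ReadExtendedAttributes, ReadPermissions' 'None' 'None'),
    # Files only: read access.
    (New-AllowRule $Group 'Read' 'ObjectInherit' 'InheritOnly'),
    # Files only: cap the creator's implicit owner rights (which otherwise
    # include changing the file's permissions) at read.
    (New-AllowRule $Owner 'Read' 'ObjectInherit' 'InheritOnly')
)
foreach ($rule in $rules) { $acl.AddAccessRule($rule) }
Set-Acl -Path $Folder -AclObject $acl

# Review the result, including any explicit entries for other principals
# that were already on the folder and may still grant write access.
(Get-Acl -Path $Folder).Access |
    Format-Table IdentityReference, AccessControlType, FileSystemRights,
                 InheritanceFlags, PropagationFlags -AutoSize
```

The user who creates a file can still write its contents through the handle opened at creation; only later attempts to open it for writing are denied. Test from a member account with the applications that actually save into the folder before relying on it.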