read-write-execute permissions, the corresponding permission in the file mode mask for others is
set to read-only. The write-execute permissions of the inherited ACE are ignored in the mapping.
When an explicit deny ACE is added to a file’s ACL, the corresponding allow permissions are
removed for group and others in the file mode mask, and the corresponding special explicit ACEs
are updated accordingly.
An inherited deny ACE has no effect on the mode mask. Any explicitly set rights override inherited
restrictions.
To view a Windows ACL, right-click any file on a Windows 2003 server and select
Properties
.
Click the
Security
tab. The Security Properties tab for your file will look like the one shown below.
(If you right-click a directory, the additional permission List Directory Contents is included). This is
the ACL for a file named
postinfo.html
. The windows show the permissions granted to the
group Everyone by the ACL for this file.
Each Windows permission that is listed as Allow or Deny on the Security tab is a grouping of
related special permissions, as shown on the Permission Entry window.
Windows X9000 client
93