HOW TO: Set Folder Security for Shared Folders

This article describes how to set sharing permissions on a Windows folder that is being used to hold Web site information. The permissions affect how other users can access the files over a Network File System (NFS) or Server Message Block (SMB) share, but they do not affect how users access the files and folders in Internet Information Services (IIS).

Translating UNIX Permissions to Windows

Most UNIX platforms use a simple user/group/other and a read/write/execute combination to set permissions for a specific file or folder. For example, you can set permissions on a file so that it is readable by everybody, but writable only by the user and group owner. There is also some specific behavior in UNIX, for example, users can only access the contents (or the list of files and folders) for folders that have Execute permissions. Additionally, UNIX uses the Execute permission bit on files to identify those files that can be run. If UNIX recognizes the file as a binary file, the file is run as a native binary. If the file is a text file, UNIX looks at the first line to check which program is used to run the file.

The Windows model is a little different (however, the basics concepts are the same). In Windows, files and folders can have Read and Write permissions, but these permissions are granted explicitly to individual users or groups of users instead of to the owner, the group owner, or everybody. You can also select whether to explicitly allow or deny this permission to this user or group. This model is similar to the Access Control List (ACL) model that is used by some UNIX variants. Additionally, Windows uses specific permissions to allow users to access folder content. Windows does not use Execute permissions on files. Windows uses the file name extension to determine whether a file (including script files) can be run.

The following list describes the basic rules for translating the permissions:

• The Read permission on a folder in UNIX is the same as the Read permission in Windows.
• The Write permission on a folder in UNIX is the same as the Write permission in Windows.
• The Read and Execute permissions on a file in UNIX are the same as the Read & Execute permission in Windows.
• The Write permission on a file in UNIX is the same as the Modify permission in Windows.
• The Execute permission on a folder in UNIX is the same as the List Folder Contents permission in Windows.
• The Read, Write, Execute permissions on a file or folder in UNIX is the same as the Full Control permission in Windows.

Setting Permissions for a File or Folder

To set the permissions for a file or folder:

1. Use Windows Explorer to locate the file or folder for which you want to edit the permissions.
2. Right-click the folder, and then click Properties.
3. Click the Security tab.
4. To add a new access control setting to the folder, click Add.
5. Select the users, computers, or groups that this access control setting is applied to, click Add, and then click OK.
6. To remove an access control setting, click Remove.
7. To edit the permissions for any group, select the user or group, and then use the corresponding check boxes in the Permissions pane.
8. Click OK to accept the settings, click Cancel to cancel any changes you have made, or click Apply to apply the changes without closing the file or folder properties.

For additional information about securing IIS for migrating from UNIX to Windows, click the article number below to view the article in the Microsoft Knowledge Base: