What permissions should i set

Read my previous post on how to take ownership of files and folders in Windows if you are currently not the owner. If you right-click on a file or folder, choose Properties and click on the Security tab, we can now try to edit some permissions. Go ahead and click the Edit button to get started. At this point, there are a couple of things you can do.

This is because of the inheritance I was talking about earlier. However, you can check items on the Deny column. So if you just want to block access to a folder for a specific user or group, click the Add button first and once added, you can check the Deny button next to Full Control.

It will show you all the users and groups. Click OK and the user or group will be added to the access control list. Now you can check the Allow column or Deny column. As mentioned, try to use Deny only for users instead of groups. Now what happens if we try to remove a user or group from the list. In order to disable inheritance, you have to go back to the main Security tab for the file or folder and click on the Advanced button at the bottom.

In Windows 10, they just moved that to the top and you have to click Change. Anyway, in Windows 7, click on Change Permissions at the bottom of the first tab.

When you do that, another dialog box will popup and it will ask you whether you want to convert the inherited permissions to explicit permissions or whether you just want to remove all the inherited permissions. Clicking Remove , will start you off with a clean slate. In Windows 10, it looks slightly different.

After clicking on the Advanced button, you have to click on Disable Inheritance. The Convert option is the same as Add and the second option is the same as Remove. The only thing you have to understand now is the Effective Permissions or Effective Access tab. So what is effective permissions? I have a text file and my account, Aseem, has Full Control. Now what if I add another item to the list so that the group Users is denied Full Control.

Will there be any problems with that? I'm sure other vulnerabilities due to read access. But stil, i need to ensure certain folders are not readable. I changed apache and ssmtp. I would like to know others.

Any file that contains a password or passphrase should be readable only by the user s and group s if applicable that need to access this password. The same goes for files containing any other kind of confidential information.

Don't do it, it hurts. It's rare to have a mail password in the system configuration. Usually, mail uses passwords to authenticate users, not systems, so that password would be somewhere in your home directory. When you use unusual features, you do need to check that you are using them securely in this case, I suspect you're not using the right tool for the job. I know it's basically the same answer I gave to your other question, but in addition to what Gilles has said, you should use an automated security audit tool like tiger.

If your distro ships a setting by default, and tiger doesn't warn about it, then the setting should be fine. For files and folders you create yourself, you can and should use your own discretion.

In my experience and opinion, there are really only a few files and folders that shouldn't be world-readable, and there's almost never a good reason to have anything world-writeable. Sign up to join this community. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Learn more. Ask Question. Asked 10 years, 7 months ago. Should never be used, as anyone can modify these files at any time.

This permission value will typically fail in our hosting environment and is not recommend. More Info Request. What information are you looking for? Sample Pricing Guide Due to the nature of our services as a wholesale provider, we do restrict full pricing from being released.

You can request a sample pricing guide to give you some insight as to what you can look forward to by becoming a partner with Synergy Wholesale.