Is it possible to set a folder permission so that you (in this case a .NET app) can see if a file exists, but not read any data?
I want to be able to set permissions, so:
- A user can tell if a file exists
- A user can write to the folder.
- No other permissions (can't read / delete etc).
-thanks Alex.
Depends on the version of Windows... just looking at Win7, "List Folder contents" is its own item on the basic Permissions page. Other items are Full Control, Modify, Read & execute, Read, Write, and Special permissions.
Just checked: XP Pro has the same options.
So removing all permissions except "Write" and "List Folder Contents" should do what you're after (you might need "Modify" as well, if you'll need to update existing files).
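The "Write" plus "List Folder Contents" combination suggested above, written out as explicit ACEs in PowerShell. This is an added example, not code from any poster in this thread. It goes slightly beyond the answer by making the inheritance scope explicit: the list ACE is inherited by subfolders only, which is how the basic "List Folder Contents" permission behaves, so files never receive the Read Data bit. `C:\Drop` and `DROPHOST\dropuser` are hypothetical names.

```powershell
# Hypothetical values: the folder to lock down and the account to restrict.
$Path = 'C:\Drop'
$User = 'DROPHOST\dropuser'

$acl = Get-Acl -LiteralPath $Path

# Stop inheriting from the parent so no inherited Read/Modify ACE applies.
# $true = protect this ACL, $false = discard the inherited ACEs instead of copying them.
$acl.SetAccessRuleProtection($true, $false)

# Inheritance is now cut, so keep administrative access with explicit ACEs.
foreach ($sid in 'S-1-5-32-544', 'S-1-5-18') {   # BUILTIN\Administrators, SYSTEM
    $id = New-Object System.Security.Principal.SecurityIdentifier($sid)
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $id, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow')))
}

# Drop any explicit ACEs the restricted account already holds on this folder.
$acl.PurgeAccessRules((New-Object System.Security.Principal.NTAccount($User)))

# "List Folder Contents": traverse, list, read attributes and permissions.
# ContainerInherit only: this folder and subfolders, never files.
$list = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $User, 'ReadAndExecute, Synchronize', 'ContainerInherit', 'None', 'Allow')

# "Write": create files/folders, write and append data, write attributes.
# Inherited by subfolders and files; contains no read and no delete right.
$write = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $User, 'Write, Synchronize', 'ContainerInherit, ObjectInherit', 'None', 'Allow')

$acl.AddAccessRule($list)
$acl.AddAccessRule($write)
Set-Acl -LiteralPath $Path -AclObject $acl

# Show the resulting ACEs and their scope for review.
(Get-Acl -LiteralPath $Path).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, AccessControlType -AutoSize
```

Run it from an elevated prompt. The account owns any file it creates, and an owner can rewrite that file's permissions, so confirm the result while logged on as the restricted account.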
Assuming you are talking about Windows...
The logical direct best-effort way to do this, I think, is if you set the permissions on the folder (and you'll have to use the Advanced button within the Security tab in the folder's Properties) to Allow Traverse Folder/Execute File, Allow Create Files/Write Data, and Allow Create Folders/Append Data.
Unfortunately List Folder/Read Data is a single permission so you can't split that up on the permission level from Windows. Users will be able to write and append files and folders, but not list the folders or read the files (or delete them).
However, a good workaround would be instead of designing your app to test for the existence of files, test for the existence of folders, and place each file to be secured in its own folder. If you remove the List Folder/Read Data permissions from the folders inside a main folder, you can deny permission to your app of opening the files inside those subfolders, but allow them to see the existence of the subfolders.
I can do it in Windows Server 2003 however in Windows 2008 with the exact same file permissions it doesn't work. I can't figure out why. Below are my settings from Server 2003 which do what you've described. I use it with my FTP so that users can not read and write to the same directory. I did this after the porn people found my FTP once before and I suddenly became a porn server. This prevents such use even if someone has a login on the machine.
Directory Structure
- Pub
  - Incoming
    - Multiple folders
    - Multiple files
  - Outgoing
    - Multiple folders
    - Multiple files
- Open Properties on Incoming and select the user, in my case my FTP user account.
- Checkbox List Folder Contents, Write.
- Click Advanced.
- Uncheck the Allow inheritable permissions box and let it add the current settings.
- For the FTP User Account edit the settings and clear all flags except for DENY Delete Subfolders and files and DENY Delete. (The apply onto This folder and subfolders is selected above the permissions list.) Click OK.
- Now ADD a user and add this SAME USER. This time checkbox Traverse Folder/Execute File, List Folder/Read file, Read Attributes, Read Extended Attributes, Read Permissions. Click OK.
- Now ADD a user and add this SAME USER again. This time checkbox Create Files/Write Data, Create Files/Append Data, Write Attributes/Write Extended Attributes. Click OK.
Now just click OK your way out of the boxes.
As I said, I have it working perfectly on my Windows 2003 Server. I had it running perfectly on my Windows 2000 server. I can not make it work on my Windows 2008 R2 server.