deleting files and security?
I have created a file via user 'u', say: 1.txt in c:\temp
Then removed user 'u' from access list, then using Explorer, I tried to
shellexecute the file, rename or delete but to no avail.
Then I ran 'cmd.exe' and cd\temp, then 'del 1.txt' and it worked!!
Why can I delete from command line and not Explorer?
Anyway, after trying to figure out how to deny a certain user from deleting
a file (even using cmd.exe), it appeared that this issue is related to this:
The last quirk is that if you have a directory with Full Control instead of
RWXDPO permissions, then you get a hidden permission called File Delete
Child. FDC cannot be removed. This means that all members of the group
Everyone can delete any read-only file in the directory. Depending on what
the directory contains, a hacker can replace a file with a trojan.
Now the question, why cmd.exe is allowed to delete the file and Explorer.exe
is not allowed?