Microsoft KB Archive/104924

= Directory Permissions with POSIX Applications Under Windows NT =

Article ID: 104924

Article Last Modified on 10/31/2006

-

APPLIES TO


 * Microsoft Windows NT Advanced Server 3.1
 * Microsoft Windows NT Workstation 3.1

-



This article was previously published under Q104924



SUMMARY
In Windows NT, if you are using a POSIX application, you must have Execute (X) permissions to a directory in order for the POSIX application to be able to view that directory's files. Also, for the best performance of POSIX applications, it is recommended that the Bypass Traverse Checking Right option be enabled.



MORE INFORMATION
Under POSIX, there are three types of permissions and three groups are assigned to these permissions. The permissions are R (read) W (write) and X (execute). The three groups are Owner, Group, and Everyone. The permissions are displayed in the following manner for files and directories respectively (using the UNIX directory command, ls -l):   -rwxrwxrwx    1 Everyone Everyone    35328 Jul  8 14:25 AR.EXE

drwxrwxrwx   1 Everyone Everyone    0     Aug 27 13:45 DEFAULT NOTE: The first bit is left blank for files and is set to "d" for directories.

The preceding 9 bits (after the directory bit) are used to set read write and execute permissions for the three groups as follows:

  - rwx  rwx  rwx |__| |__| |__|     |    |    |   Owner Group Everyone The Execute bit (X) is required to be set for the group the user belongs to in order for that group's users to have access to a directory. The reason execute permissions are required on directories relates to the design of UNIX file systems. The Execute permission is set to allow users to view the contents of a directory. Because the UNIX file system knows that directories are not executable, it uses the Execute bit only for allowing access inside the directory. This is nothing more than a definition; it is a way of stating that users are allowed to enter directories.

If POSIX applications are running slowly, verify that the user or their group has the Bypass Traverse Checking Right with the User Manager. By default, everyone has the right to Bypass Traverse Checking.

POSIX on Windows NT uses execute permissions the same way UNIX systems do, as does Microsoft Win32, on Windows NT. The Bypass Traverse Checking privilege means that permissions will only be checked on the last component of a path and not on the directory names preceding it. This feature is useful when performance is more important than security. If additional security is desired, this right can be removed.

For additional information on POSIX support in Windows NT, query on the following word in the Microsoft Knowledge Base:

posix

Additional query words: prodnt slow

Keywords: kb3rdparty KB104924

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.