Directory Permissions with POSIX Applications Under Windows NT

Last reviewed: May 9, 1997
Article ID: Q104924

The information in this article applies to:
  • Microsoft Windows NT operating system version 3.1
  • Microsoft Windows NT Advanced Server version 3.1

SUMMARY

In Windows NT, if you are using a POSIX application, you must have Execute (X) permissions to a directory in order for the POSIX application to be able to view that directory's files. Also, for the best performance of POSIX applications, it is recommended that the Bypass Traverse Checking Right option be enabled.

MORE INFORMATION

Under POSIX, there are three types of permissions and three groups are assigned to these permissions. The permissions are R (read) W (write) and X (execute). The three groups are Owner, Group, and Everyone. The permissions are displayed in the following manner for files and directories respectively (using the UNIX directory command, ls -l):

   -rwxrwxrwx    1 Everyone Everyone    35328 Jul  8 14:25 AR.EXE

   drwxrwxrwx    1 Everyone Everyone    0     Aug 27 13:45 DEFAULT

   NOTE: The first bit is left blank for files and is set to "d" for
   directories.

The preceding 9 bits (after the directory bit) are used to set read write and execute permissions for the three groups as follows:

   - rwx  rwx  rwx
     |__| |__| |__|
      |    |    |
   Owner Group Everyone

The Execute bit (X) is required to be set for the group the user belongs to in order for that group's users to have access to a directory. The reason execute permissions are required on directories relates to the design of UNIX file systems. The Execute permission is set to allow users to view the contents of a directory. Because the UNIX file system knows that directories are not executable, it uses the Execute bit only for allowing access inside the directory. This is nothing more than a definition; it is a way of stating that users are allowed to enter directories.

If POSIX applications are running slowly, verify that the user or their group has the Bypass Traverse Checking Right with the User Manager. By default, everyone has the right to Bypass Traverse Checking.

POSIX on Windows NT uses execute permissions the same way UNIX systems do, as does Microsoft Win32, on Windows NT. The Bypass Traverse Checking privilege means that permissions will only be checked on the last component of a path and not on the directory names preceding it. This feature is useful when performance is more important than security. If additional security is desired, this right can be removed.

For additional information on POSIX support in Windows NT, query on the following word in the Microsoft Knowledge Base:

   posix


Additional query words: prodnt slow
Keywords : kb3rdparty ntposixap
Version : 3.1
Platform : WINDOWS


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: May 9, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.