Are Windows file permissions bound to the file, or the file system location?

Do Windows file permissions follow:

  1. The file, or...
  2. The file system location

Say I have a file at "C:\MyFile.txt". I set some very specific permissions on this file.

Later, I copy a new file over the top of that one. Same name, same file system location.

Does it inherit the same permissions, or does it bring its own permissions with it?


Solution 1:

At the moment a file is created, it gets assigned those permissions marked as Inheritable-by-files from the directory it was created in. For the life of that file it will only change permissions if:

  • Permissions are changed directly on the file itself
  • A change higher up the directory-tree affects one of the Inherited permissions it already has (adds or subtracts).
  • A change higher up the directory-tree adds or removes an Inherited permission
  • Higher up the tree an admin does a "replace all permissions to subordinate objects" push, which overwrites any permissions on the file with those the admin is pushing down the directory tree.

A critical thing to keep in mind is that all NTFS permissions are explicit. An inherited permission is a permission with an 'Inherited' flag set, but it is still that permission. For all but the top bullet point, Windows has to touch every single file below the point the inheritable-permission was changed in order to actually make the change.

This is why if you make a permission change at the top of a 5-million file directory-tree and hit the 'cancel' button in a panic, you have screwed yourself. For that permissions will be inconsistently applied across that 5-million file directory tree and the only way to fix it is to set the permission and let it complete application and then remove it again, or to do a 'force these permissions to everything below me' which'll remove any custom permissions below that point.

Anyway...

As noted elsewhere, moving a file within the same filesystem does not count as a 'create' so it retains whatever permissions it had when it started. A move between filesystems is a 'create' so the file will receive permissions based on where it is moved to.

Most applications consider an 'overwrite' to actually be a 'delete and re-create' which causes the overwritten file to receive inherited permissions based on its location. If the overwrite is actually, 'zero out the file and repopulate with new data' it isn't a create and will retain whatever permissions it had before the overwrite; applications that do this are rare.
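
The cases described in this answer can be checked directly. The following PowerShell script is an added example, not part of the original answer: it places an explicit marker ACE on a file, performs each kind of operation, and reports whether the marker survived. The folder names, file names and the choice of BUILTIN\Users as the marker identity are assumptions made for the demo; it runs in a scratch directory under %TEMP% on an NTFS volume.

```powershell
# Constructed demo: all paths and names are made up and live under a scratch directory.
$root = Join-Path $env:TEMP ("acl-demo-" + [guid]::NewGuid())
$a = (New-Item -ItemType Directory -Path (Join-Path $root 'A')).FullName
$b = (New-Item -ItemType Directory -Path (Join-Path $root 'B')).FullName

# Marker: an explicit (non-inherited) Read ACE for BUILTIN\Users, built from its well-known SID.
$sid  = New-Object System.Security.Principal.SecurityIdentifier(
            [System.Security.Principal.WellKnownSidType]::BuiltinUsersSid, $null)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, 'Read', 'Allow')

function New-MarkedFile([string]$Path) {
    Set-Content -Path $Path -Value 'original'
    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Test-Marker([string]$Path) {
    # Look only at explicit ACEs (includeExplicit = true, includeInherited = false).
    $explicit = (Get-Acl -Path $Path).GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
    [bool]($explicit | Where-Object { $_.IdentityReference.Value -eq $sid.Value })
}

$results = [ordered]@{}

# 1. Move within the same filesystem: not a 'create'.
$f = Join-Path $a 'move.txt'; New-MarkedFile $f
Move-Item -Path $f -Destination $b
$results['move within volume'] = Test-Marker (Join-Path $b 'move.txt')

# 2. Copy to another folder: the copy is a newly created file.
$f = Join-Path $a 'copy.txt'; New-MarkedFile $f
Copy-Item -Path $f -Destination $b
$results['copy to new folder'] = Test-Marker (Join-Path $b 'copy.txt')

# 3. Overwrite done as delete + re-create at the same path.
$t = Join-Path $b 'target.txt'; New-MarkedFile $t
Set-Content -Path (Join-Path $a 'new.txt') -Value 'replacement'
Remove-Item -Path $t; Copy-Item -Path (Join-Path $a 'new.txt') -Destination $t
$results['delete then re-create'] = Test-Marker $t

# 4. Overwrite done by rewriting the contents of the existing file.
New-MarkedFile $t
Set-Content -Path $t -Value 'replacement'
$results['rewrite existing file'] = Test-Marker $t

# Value column: True means the explicit ACE is still on the file after the operation.
$results.GetEnumerator() | Format-Table Name, Value -AutoSize
Remove-Item -Recurse -Force $root
```

Swapping the operation in case 3 or 4 for the tool that actually replaces a protected file (an editor save, a deployment copy, a backup restore) shows which category that tool falls into.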

Solution 2:

The answer is: you will lose the permission settings if you replace the file with the new one (the new file will bring its own permissions, depending on which method you use to move it over the old one), and the same will happen if you just copy the file somewhere else. It will not lose the permission settings if you just rename it or move it to a different directory.

See How Permissions Work on TechNet and Understanding Windows NTFS Permissions for more details on the topic.

More specific explanation: http://www.tech-faq.com/ntfs-permissions-after-copying-or-moving-files.html (thanks kwbaker for the link)

The bottom line:

When a file is Copied, it will inherit the permissions of the folder it is copied to. If the file is Moved - it will retain its original permissions at its new location. (Jeff Hengesbach)