We saw some time ago that permission to delete a file is granted either
- if you have
DELETE
access on the file, or - if you have
FILE_DELETE_CHILD
access on the containing directory.
File attributes behave in an analogous way. Permission to read a file’s attributes is granted either
- if you have
FILE_READ_ATTRIBUTES
access on the file, or - if you have
FILE_LIST_DIRECTORY
access on the containing directory.
If you want the file’s attributes, you could always get it by reading the directory, because one of the pieces of information you get from FindFirstFile
is the file attributes. Therefore, having permission to read a directory implicitly gives you permission to read the attributes of any file in that directory.
(Note, of course, that write permission on attributes is another story.)
0 comments