If you let people read a file, then they can copy it

Raymond Chen

Here’s a question that floated past my view:

How do I set the ACLs on a file so users can read it but can’t copy it? I can’t find a “Copy” access mask that I can deny. If I can’t deny copying, I’d at least like to audit it, so I can tell who made a copy of the file.

There is no “Copy” access mask because copying is not a fundamental file operation. Copying a file is just reading it into memory and then writing it out. Once the bytes come off the disk, the file system has no control any more over what the user does with them.

Author

Raymond Chen

Raymond has been involved in the evolution of Windows for more than 30 years. In 2003, he began a Web site known as The Old New Thing which has grown in popularity far beyond his wildest imagination, a development which still gives him the heebie-jeebies. The Web site spawned a book, coincidentally also titled The Old New Thing (Addison Wesley 2007). He occasionally appears on the Windows Dev Docs Twitter account to tell stories which convey no useful information.

0 comments

Discussion are closed.

If you let people read a file, then they can copy it

Author

0 comments

Read next

Okay, I changed my mind, I wrote a book after all

What does an invalid handle exception in LeaveCriticalSection mean?

Author

0 comments

Read next

Okay, I changed my mind, I wrote a book after all

What does an invalid handle exception in LeaveCriticalSection mean?

Stay informed