0

I see folders with an owner of "OWNER CREATOR" and group of "DOMAIN\Domain Users". When I copy these files, the ownership is being transferred to me. That is not the behavior I want.

However, what does it mean for a folder to have an owner of "OWNER CREATOR"? This seems odd. I also noticed that this is not supported consistently between my local file-system versus various network file-systems. For example, NetApp seems to support this type of ownership but Isilon does not. Copying files to Isilon is causing problems.

RobertB
  • 113

3 Answers

1

In case people are wondering, after research with Microsoft, the following is the best I can explain what is going on.

CREATOR OWNER is a group. It has a SID. Thus, it can be assigned as an Owner of a File or Folder.

CREATOR OWNER has special meaning when used in an Access Control Entry (ACE). In that context, its permissions apply to the SID of the Owner and not to the CREATOR OWNER SID itself.

It has no special meaning when used as an Owner. So in that context, it is just a SID for a group with no members.

If you assign CREATOR OWNER as the Owner, you are doing something that is allowed, but is not very useful. In this case, any CREATOR OWNER permissions from ACEs will apply to the CREATOR OWNER SID. Since this SID is a group with no members, the CREATOR OWNER privileges never apply.

If CREATOR OWNER is the Owner and there are no CREATOR OWNER privileges, this is the same as if the file were owned by any other member-less group.

RobertB
  • 113
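
An added example, not part of the answer above and not Windows code: a simplified Python model of the behaviour it describes, where an inherited CREATOR OWNER ACE (well-known SID S-1-3-0) resolves to the object's owner SID, and where that ACE matches nobody once the owner itself is S-1-3-0. The account SIDs and right names are constructed; the model ignores deny ACEs, inherit-only flags and the owner's implicit rights.

```python
# Simplified model of CREATOR OWNER handling; not Windows' implementation.
CREATOR_OWNER = "S-1-3-0"                      # well-known SID
DOMAIN_USERS = "S-1-5-21-1111-2222-3333-513"   # constructed domain, RID 513
ALICE = "S-1-5-21-1111-2222-3333-1001"         # constructed user SID

# Inheritable ACEs on the parent folder as (sid, allowed_rights).
PARENT_ACES = [
    (DOMAIN_USERS, {"read", "write"}),
    (CREATOR_OWNER, {"full_control"}),
]

def inherit_aces(parent_aces, owner_sid):
    """Build a child's ACL: the CREATOR OWNER placeholder becomes owner_sid."""
    return [(owner_sid if sid == CREATOR_OWNER else sid, set(rights))
            for sid, rights in parent_aces]

def granted(aces, token_sids):
    """Union of rights from ACEs whose SID is present in the caller's token."""
    rights = set()
    for sid, ace_rights in aces:
        if sid in token_sids:
            rights |= ace_rights
    return rights

def demo():
    # Per the answer, S-1-3-0 has no members, so no token carries it.
    alice_token = {ALICE, DOMAIN_USERS}
    results = {}
    for label, owner in (("owner_is_alice", ALICE),
                         ("owner_is_creator_owner", CREATOR_OWNER)):
        child_acl = inherit_aces(PARENT_ACES, owner)
        results[label] = granted(child_acl, alice_token)
    return results

if __name__ == "__main__":
    for label, rights in demo().items():
        print(label, sorted(rights))
```
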
0

EVERY object in a Windows system (be it a file, a folder, a process, ...) has both a security descriptor AND a current owner. The latter may be a group (e.g. "Administrators") or a single-user account.

A common security setting for both directories and printer queues is: "Users - Read/Write (or: Print), Owners-Creators: Full Access".

Does that mean that the current owner of a specific directory has "Full Access"? No, not necessarily. BTW: In W2k8/WV there are "Owner Rights", but that is another topic!

Now: Does that mean that a user who stores a new file in such a directory has "Full Control" over this file, despite the fact that he was given "Read/Write"? YES!!!

And why is that? "Read/Write" is for current (i.e. existing) files / directories only! For NEW files, THAT SPECIFIC user is now the Owner/Creator, who can determine which other users may (or may not) access this file, and to what extent.

To preserve permissions when files and folders are copied or moved, use the Xcopy.exe utility with the /O or the /X switch.

Berlin
  • 402
0

The permissions support tied to a file is dependent on the file system that you have formatted your storage with. When copying files between two different file systems, the host system you use may be significant. You did not specify what file system your network storage was using, but that would help to give better answers.

NTFS

NTFS uses Owners, and ACLs with sub entries for other users. You can have several users or groups that have any combination of permissions to a file.

https://technet.microsoft.com/en-us/library/2005.11.howitworksntfs.aspx

EXT3, EXT4, etc.

Most Linux/Unix built file systems are built around one user (Owner), one group, and everyone else (other).

Cory Knutson
  • 1,886