Hi Greg, hi all,
I'm looking for an option allowing me to copy not only contents of files or folders, but to include in the copy operation the explicit NTFS permissions (ACL's) set on these files/folders. Is it somehow possible?
Best regards
Freddy
Do any of the options on the Prefs->File Operations->Copying (1)->Copying (2) pages help out?
Thanks Freddy,
To be honest I wasn't aware of them until now.
I'm a bit more familiar with Unix permissions in linux.
It is an interesting question though.
If I made a tar archive of a file I created within a PHP script,
and didn't change the permissions of that file using a CHMOD statment in the script,
could I extract that file on a different Linux site, and still quite possibly not have the permissions to either delete the file,
or be able to change the three digit permissions of popular knowledge?
I tend to think my hypothesis would that the permissions of files contained in the tar file would remain intact.
Just my amateur thoughts on this 
Porcupine 
There is only this setting:[ul][li] Preferences[ul][li] File Operations[ul][li] Copying (2)[ul][li] Update permissions and encryption settings when moving files.[/li][/ul][/li][/ul][/li][/ul][/li][/ul]However, this option only applies to moving files, it does not pertain to copying files. I believe this is by design, since one generally defines NT security at a folder level. Thus, when one copies objects to the destination folder, those objects inherit the security settings of the new parent folder. I believe this option was added for Move, because in a move operation one is more likely to desire the source folder's security settings.
However, all of that being said, I feel there should be an option for the copy command as well.
Edit: I have submitted this as a feature request with GPSoftware.
Hi kenalcock, hi all,
I asked about it because I use Dopus for folder management in the network, where it is a great help. Actually, I have to use xcopy or robocopy. - Still it's not a trivial thing, as you mention, because of the inheritance stuff. See for instance 'Security explorer', a crazy expensive tool.
As far as I see, we would have in Windows the following security items: ownership, audit, access. But i would be happy to have the access permissions as a copy option.
BTW: You might know that a NTFS file can contain hidden 'alternate data streams'. It appears such streams are away after copying with Dopus. Many of my graphics files (jpg) on home PC have it. Of course they are also away if they leave the NTFS area (like CD). See here.
Best regards, thanks for input
Freddy
Freddy,
I'm not sure whether you had your question addressed in a separate location since the last post date on this thread is from May.
It isn't unexpected that a directory tool which deals with multiple DOS file systems would lose NTFS ACLs. Nearly all tools (except those specifically designed for moving files with their alternate data streams) have the same issue.
MS made a design choice for backward application compatability. If the tool doesn't ask NTFS whether the file HAS alternate data streams attached, there's no signal that they exist, so there's nothing else to copy.
Although I applaud the capabilities alternate data streams offer, I dislike some of the design choices MS made in implementing the concept. It would be nice, for example, for a tool to be able to copy a file and all of its data streams without knowing what they are.
Further, there would be some advantages to storing alternate data streams as a logically contiguous part of the block map for the file.
HOWEVER, notwithstanding the above, it would be extremely valuable were DOpus able to copy alternate data streams.
Moreover, (for me at least), it would be extremely helpful for DOpus to allow manipulation of the Properties Page ADS. I'd like to be able to use DOpus as a sort of personal document management system and maintain keyword, category and comment information in the PPADS so that the data DID move when use the appropriate copy tools (and copy to another NTFS filesystem).
At a very minimum, support of the Adobe XMP and Microsoft Office Metadata formats would help tremendously, as PDF, DOC, XLS, and PPT files comprise 95% of the document library and Dopus appears to support EXIF and IPTC metadata for JPEGs. Very few other file formats exist in my 2Gb document library.
[For those interest in alternate data streams, Mark Russinovich has written some good explanations at SYSINTERNALS.COM. (Marks company was aquired by Microsoft in August and Mark is now a "Microsoft Fellow," a prestigious designation. Marks tools were (and are) among the best freeware on the internet. I'd recommend downloading all of them while you still can, as there's no telling what the ultimate fate of the tools may be. Many will likely become included in a future OS SDK (though I suspect Vista is too far along in the dev cycle for inclusion of the tools).]
Mike Chambers
Stafford, TX
I'm curious, are there any (legitimate) things which use the NTFS alternative data streams? I've only ever heard of them being used to hide data or fill up the HDD without the user being able to tell where the space has gone (since they don't contribute to the file's reported size, from what I remember). Always seemed like one of those curious things in the underlying filesystem that nothing uses and probably nothing should use, but is still there all the same. 
I guess they'd be used more if people didn't have to worry about them being wiped by copying files or not being supported at all on FAT drives which are still used for all kinds of things, including almost all portable storage.
I wonder if any archive formats support the alternative streams?
Such a fragile place to store data!
Copying the file permissions when copyign a file seems like a good thing to have. If it hasn't already been sent to GPSoftware as a feature request I'll send in something along those lines.
I wonder if it, and to a lesser degree the option for moving files, should be arguments for the Copy command rather than global switches? With the option for moving I find myself turning it off most of the time (for standard Windows/Explorer behaviour) but on occasionally (when I need it). At least the way I use it it would be better to have some special Copy/Move buttons somewhere rather than keep going into Preferences.
Copying file permissions when copying to a network or removable drive would often be unwanted, for example.
Any thoughts?
@Nudel
RE: KA#00010
[quote="kenalcock"]@Nudel
RE: KA#00010[/quote]
Groovy; one less report to file. Ta.
Internet Explorer uses an Alternative Data Stream (ADS) each time you download an executable file from the Internet. It uses a ZoneIdentifier. See this very informative .pdf file link for more information. While the author isn't sure about his findings, he is correct. ZoneIdentifier ADS files are basically there to protect users from potentially dangerous downloads. (I needed to make some Internet Zones modifications and had to do my own research. But I'm no expert either.)
Opus does not list ZoneIdentifier ADS files when listing folders on a NTFS drive, but they are still there when the file is first downloaded. However, I often download files to my Iomega Rev drive (which uses the UDF file system). (I'm not sure what happens with them on a FAT32 drive).
When I see these files, I usually delete them (when I trust where I download the executables from). I have never thought to check if Opus copies the ADS files during a file copy or move.
Interesting. I didn't know about that.
It'd be pretty easy to write a plugin which you could manually invoke to see if a file had alternative streams in it, though you'd still have to guess they were there and the plugin couldn't easily then show you what was in them (beyond a simple text/hex view) so that may not be so useful...
Maybe a VFS plugin could be written to show them... Probably end up being more of a curiosity than something many people found useful (how often do you want to see the ADS? Preserve them, sure, but view them?) but it could be done.
I should have' also said above that when I use IE to download an executable to my Iomega Rev drive (UDF file system), Opus will list the Zone.Identifier ADS file as a hidden and system file. (This is how I got initiated to ADS). When I double-click such a file to open it (.zip) or execute it (.exe) Windows prompts warning about the file having come from an untrusted zone. At that point, if I disable the warning for that file, Windows will delete the Zone.Identifier ADS file itself.
And anyone can create their own ADS file (which might even be useful for other Opus applications). It is a topic that comes up in Security risk conversation all the time. I believe the reason for this concern is that the ADS file name has the file name it applies to in it. So it could be a digital "paper trail" that file once existed somewhere.
Check out this article.
A little more general information about ADS.
Much more detailed technical ADS information from security perspective
Hi, is there something new about this ?
I'm trying to copy files over 2 network drives and keep the security settings, but without success, so I did a search on the forum and found this topic
Any news ?
I think the Copy security permissions option was added after the previous messages in this thread. It should do what you want, at least in theory.
hum, unfortunatly, it's not that great.
Opus copies the security only for the files and hard copy the settings to every files instead of keeping the inheritance links.
Can you give some examples of what you expect to see versus what you get, also showing the permissions on the source files and the source and destination parent folders?
Hi Leo,
I dit a lot of tests, and the only way I found to copy files and keep security settings is to make an archive (with winrar) and expand it into the destination folder.
But with Dopus, if I copy the files :
about the folders : they take the security settings from the parent folder (eq the new destination folder), and lose the source settings (bad :p)
about the files : they lose the inheritance, and the ACL are written directly on the files. (half-bad :p)
For instance, in the source directory, the file ACL is :
account1 has full control inherited from parent directory
after a copy with Dopus, in the destination directory the result is :
account1 has full control inheritance=none
Hope it'll help to build a better security copy feature 
no news about this issue ?
So do you just want the moved files to have the same permissions as if you had done a copy-then-delete?