39

I've tried this on both Windows 7 and Windows XP. Start Windows Explorer and create a new folder in some temporary location called (say) NonWriteable. Right-click the folder and set the properties of the folder to Read-only.

Folder set to be read-only

Now open the folder and create a new .txt file. This is allowed. Why? How do you set a folder so that nothing can be modified inside it?

Note: If I right-click the .txt file and set that to Read-only then the system correctly prevents updates to the file.

AlainD
  • 4,447
  • 15
  • 49
  • 96
  • 3
    Check the advanced options and actively deny writing permissions. What kind of Account are you using? An administrative Account should always be able to change things. – Seth Sep 06 '17 at 10:40
  • @Seth An administrative account should always be able to change things? What if one is trying to access a folder on a different machine? – InterLinked Sep 06 '17 at 10:47
  • 2
    Windows seems never to have used this setting for directories. If it is within a shared drive you will find that Linux won't be able to create, delete or rename files unless read-only is cleared. – AFH Sep 06 '17 at 10:47
  • What's the relation here? Currently you're talking about local permissions. If on the remote side the account has administrative permissions, it's going to have those and do what they enable. – Seth Sep 06 '17 at 10:49
  • 2
    @Seth: Good call. After modifying the advanced permissions on the `Security` tab to deny access to `Create Files / Write Data`, I now cannot create new files. This seems to be a Windows bug/limitation. If I programmatically call the `GetFileAttributes` API on the folder, the `FILE_ATTRIBUTE_DIRECTORY` attribute is set...but not `FILE_ATTRIBUTE_READONLY`. – AlainD Sep 06 '17 at 11:09
  • The read-only flag is a leftover from the DOS era and FAT file systems. Even then it didn't work for directories, so current behavior is a backwards compatibility with the old times. – n0rd Sep 06 '17 at 16:06
  • The 'permissions' in the Security tab are not attributes, they are ACL entries; the ACL (Access Control List) is also part of the file's metadata (on NTFS only not FAT) but different and separate from the attributes. This distinction is clearer at commandline where you use `attrib` to see or change attributes and `cacls` (since NT) or `icacls` (since IIRC Vista) for ACLs. See GetSecurityInfo / GetNamedSecurityInfo . – dave_thompson_085 Sep 06 '17 at 21:36
  • 2
    Note that starting with Windows 7, the dialog was changed to `Read-only (Only applies to files in this folder)` to make it more clear what this option actually does. There is a screenshot of the new dialog in [this answer](https://superuser.com/a/866147/320036). – ComicSansMS Sep 07 '17 at 07:21
  • This hearkens back to an old bug in Unix: without read access to a directory, you couldn't do, say, `% ls dirname` but you could do, for a read-accessible file inside the directory, `% more dirname/filename` – Carl Witthoft Sep 07 '17 at 13:41

1 Answers1

57

Unlike the Read-only attribute for a file, the Read-only attribute for a folder is typically ignored by Windows, Windows components and accessories, and other programs. For example, you can delete, rename, and change a folder with the Read-only attribute by using Windows Explorer.

The Read-only and System attributes is only used by Windows Explorer to determine whether the folder is a special folder, such as a system folder that has its view customized by Windows (for example, My Documents, Favorites, Fonts, Downloaded Program Files), or a folder that you customized by using the Customize tab of the folder's Properties dialog box. As a result, Windows Explorer does not allow you to view or change the Read-only or System attributes of folders. When a folder has the Read-Only attribute set it causes Explorer to request the Desktop.ini of that folder to see if any special folder settings need to be set.

Source: https://support.microsoft.com/en-gb/help/326549/you-cannot-view-or-change-the-read-only-or-the-system-attributes-of-fo

This is an old article but it is still true for all versions of Windows.

To prevent the creation of files in a folder, change the permissions using the Security tab in the folder properties. Click the Advanced button and add a rule to deny access to Create Files / Write Data.

Aasmund Eldhuset
  • 138
  • 5
David Marshall
  • 7,200
  • 4
  • 28
  • 32
  • Does the limitation that `Windows does not set the READONLY attribute for folders` also apply to Windows 8, 8.1 and 10? The Microsoft article only mentions XP, Vista and 7. – AlainD Sep 06 '17 at 11:19
  • 1
    @AlainD Yes. It's an old article but it still applies to newer versions of Windows. I'll come back and expand the answer later. – David Marshall Sep 06 '17 at 11:25
  • 1
    So the "read-only" attribute of a folder has absolutely nothing to do with it being read-only at all? Is it nothing more than a huuuuuge UX failure? – Pedro A Sep 07 '17 at 00:30
  • 6
    @Hamsteriffic It's a legacy from a FAT filesystem. FAT used to support only few file attributes, RO being one of them. NTFS features a sophisticated ACL mechanism for access control, so FAT attributes are of no importance when NTFS is employed. However, the particular dialog in question was designed many years ago when FAT was still prevalent and never changed since. – oakad Sep 07 '17 at 04:00
  • 4
    @Hamsteriffic So, to sum up oakads comment: Yes. – I'm with Monica Sep 07 '17 at 12:58
  • Sounds like a decent topic for Raymond Chen's "Old New Thing" blog. – jrh Sep 07 '17 at 15:35
  • @jrh, I honestly thought that this was relatively common knowledge within the Windows support world and was a bit surprised to see this question become so popular. The KB article that David referenced in his answer has actually been in my Internet bookmarks for over a decade! – Run5k Sep 07 '17 at 16:40
  • 2
    @jrh He wrote one in 2003 https://blogs.msdn.microsoft.com/oldnewthing/20030930-00/?p=42353/ – David Marshall Sep 07 '17 at 20:07
  • interresting to note: in Lightroom, when you put a folder in Read-Only, the images within (and that folder) do not appear. It is usefull as often one exports some photos of an event underneath the event main directory, and if you don't set that dir as hidden, a refresh of that main dir would include also that subdir, showing duplicate photos (the raw/jpb originals, and the exported ones). So there the read-only attribute does make some difference. – Olivier Dulac Sep 08 '17 at 13:52