I approached our IT staff to restrict a top-level folder on a directory to prevent users from adding or modifying anything in the root level, but to allow read/write/modify access to all sub-folders. There are several hundred gigabytes and probably over a million files and folders. I was told:
"The way the current permission structure is set on this volumes make what you ask very hard to do. The volume has the one permission structure that is inherited all the way down – Everyone FULL rights to everything – therefore making any changed at the top would have to propagate to every single file in the entire volume and would take days to complete. "
Does this make sense? I get it would take days to perform, but why does that matter? Is he saying the system would be bogged down for days? What are the alternatives to lock down the root? Any help would be appreciated.
If you're using a windows file server, that's not necessarily the case. There is the option of only changing the permissions of a single directory vs. propagating everything down. However, if you want to propagate everything down (generally an IT decision), it will bog down and your file share will probably not be accessible with any acceptable level of performance