Why can I write files into a folder that is read-only?
Unlike the Read-only attribute for a file, the Read-only attribute for a folder is typically ignored by Windows, Windows components and accessories, and other programs. For example, you can delete, rename, and change a folder with the Read-only attribute by using Windows Explorer.
The Read-only and System attributes is only used by Windows Explorer to determine whether the folder is a special folder, such as a system folder that has its view customized by Windows (for example, My Documents, Favorites, Fonts, Downloaded Program Files), or a folder that you customized by using the Customize tab of the folder's Properties dialog box. As a result, Windows Explorer does not allow you to view or change the Read-only or System attributes of folders. When a folder has the Read-Only attribute set it causes Explorer to request the Desktop.ini of that folder to see if any special folder settings need to be set.
This is an old article but it is still true for all versions of Windows.
To prevent the creation of files in a folder, change the permissions using the Security
tab in the folder properties. Click the Advanced
button and add a rule to deny access to Create Files / Write Data
.
Related videos on Youtube
AlainD
By day: Software Engineer using C/C++, Delphi and C#. By night: Musician; World champion of boardgames including Entropy, Lines of Action, Pacru, and Azacru; Represented South Africa and United Kingdom at international Chess, Xiangqi and Backgammon.
Updated on September 18, 2022Comments
-
AlainD over 1 year
I've tried this on both Windows 7 and Windows XP. Start Windows Explorer and create a new folder in some temporary location called (say)
NonWriteable
. Right-click the folder and set the properties of the folder toRead-only
.Now open the folder and create a new .txt file. This is allowed. Why? How do you set a folder so that nothing can be modified inside it?
Note: If I right-click the .txt file and set that to
Read-only
then the system correctly prevents updates to the file.-
Seth over 6 yearsCheck the advanced options and actively deny writing permissions. What kind of Account are you using? An administrative Account should always be able to change things.
-
InterLinked over 6 years@Seth An administrative account should always be able to change things? What if one is trying to access a folder on a different machine?
-
AFH over 6 yearsWindows seems never to have used this setting for directories. If it is within a shared drive you will find that Linux won't be able to create, delete or rename files unless read-only is cleared.
-
Seth over 6 yearsWhat's the relation here? Currently you're talking about local permissions. If on the remote side the account has administrative permissions, it's going to have those and do what they enable.
-
AlainD over 6 years@Seth: Good call. After modifying the advanced permissions on the
Security
tab to deny access toCreate Files / Write Data
, I now cannot create new files. This seems to be a Windows bug/limitation. If I programmatically call theGetFileAttributes
API on the folder, theFILE_ATTRIBUTE_DIRECTORY
attribute is set...but notFILE_ATTRIBUTE_READONLY
. -
n0rd over 6 yearsThe read-only flag is a leftover from the DOS era and FAT file systems. Even then it didn't work for directories, so current behavior is a backwards compatibility with the old times.
-
dave_thompson_085 over 6 yearsThe 'permissions' in the Security tab are not attributes, they are ACL entries; the ACL (Access Control List) is also part of the file's metadata (on NTFS only not FAT) but different and separate from the attributes. This distinction is clearer at commandline where you use
attrib
to see or change attributes andcacls
(since NT) oricacls
(since IIRC Vista) for ACLs. See GetSecurityInfo / GetNamedSecurityInfo . -
ComicSansMS over 6 yearsNote that starting with Windows 7, the dialog was changed to
Read-only (Only applies to files in this folder)
to make it more clear what this option actually does. There is a screenshot of the new dialog in this answer. -
Carl Witthoft over 6 yearsThis hearkens back to an old bug in Unix: without read access to a directory, you couldn't do, say,
% ls dirname
but you could do, for a read-accessible file inside the directory,% more dirname/filename
-
-
AlainD over 6 yearsDoes the limitation that
Windows does not set the READONLY attribute for folders
also apply to Windows 8, 8.1 and 10? The Microsoft article only mentions XP, Vista and 7. -
David Marshall over 6 years@AlainD Yes. It's an old article but it still applies to newer versions of Windows. I'll come back and expand the answer later.
-
Pedro A over 6 yearsSo the "read-only" attribute of a folder has absolutely nothing to do with it being read-only at all? Is it nothing more than a huuuuuge UX failure?
-
oakad over 6 years@Hamsteriffic It's a legacy from a FAT filesystem. FAT used to support only few file attributes, RO being one of them. NTFS features a sophisticated ACL mechanism for access control, so FAT attributes are of no importance when NTFS is employed. However, the particular dialog in question was designed many years ago when FAT was still prevalent and never changed since.
-
I'm with Monica over 6 years@Hamsteriffic So, to sum up oakads comment: Yes.
-
jrh over 6 yearsSounds like a decent topic for Raymond Chen's "Old New Thing" blog.
-
Run5k over 6 years@jrh, I honestly thought that this was relatively common knowledge within the Windows support world and was a bit surprised to see this question become so popular. The KB article that David referenced in his answer has actually been in my Internet bookmarks for over a decade!
-
David Marshall over 6 years@jrh He wrote one in 2003 blogs.msdn.microsoft.com/oldnewthing/20030930-00/?p=42353
-
Olivier Dulac over 6 yearsinterresting to note: in Lightroom, when you put a folder in Read-Only, the images within (and that folder) do not appear. It is usefull as often one exports some photos of an event underneath the event main directory, and if you don't set that dir as hidden, a refresh of that main dir would include also that subdir, showing duplicate photos (the raw/jpb originals, and the exported ones). So there the read-only attribute does make some difference.