1

I just noticed some strange behavior using ROBOCOPY /SEC that I can't explain...

We require a {TEMPLATE} folder holding +50 subfolders with custom access rights to be copied for each new project. For this I have created a simple batch script that executes:

ROBOCOPY "\\SHARE\INFO\{TEMPLATE-NL}" "\\SHARE\PROJECTS\NEW_PROJECT" /E /SEC

The share itself has full access for everyone. The user executing the batch script has full access on \SHARE\PROJECTS

When this user has read access (including read permissions) to \SHARE\INFO{TEMPLATE-NL}, ROBOCOPY will fail and only copy the first level of folders holding specific access rights.

To fix this, I had to give this user full access to \SHARE\INFO{TEMPLATE-NL}

How comes? And is there any way around this? I do not want this user to be able to change the template permissions.

Tiele Declercq
  • 119
  • 2
  • 4
  • Are you sure it's the source ACL? I searched for a similar error but wasn't aware of the target folders ACL. – bjoster Apr 10 '19 at 13:01

1 Answers1

1

If I've interpreted your scenario correctly, this is exactly as-expected:

  • The permissions on the source directory do not grant the user the right to make changes.

  • You are copying these permissions to the target directory.

  • Therefore, the user can no longer make changes on the target directory, and robocopy fails.

If the user has administrative privilege (on the machine robocopy is running on as well as on the destination server) then you can use /B option to override the permissions.

Otherwise, you might be able to make it work as a two-step process, by first copying all the files and directories without copying the security, i.e., using /COPY:DAT and then fixing the permissions as a separate step, using the /IS and /COPY:S options.

Harry Johnston
  • 5,875
  • 4
  • 35
  • 52