I have been working with windows permissions for over 10 years now and though I knew what I was doing until now.
I seem to now be able to connect to a share path where I have no access to the root of the share or intermediate folders but do at the lower level folders. I always though I needed the traverse folder permission to do this but apparently not. Let me explain
I have created a share \\server1\data
The share permission is full control and the NTFS permissions are full control for admins and system. Inheritance is blocked on the data folder
I then create sub folders \\server1\data\L1\L2\L3
the sub folders are inheritning permissions from the Data folder. I now grant "testuser" read/write(modify) access to the L2 folder.
From a PC "TestUser" can do the following
\\server1\data - Access Denied
\\Server1\data\L1 - Access Denied
\\Server1\data\L1\L2 - Access granted
Bearing in mind that I have not granted "Testuser" any traverse rights to the data or L1 folders, why can "TestUser" access L2 and L3? Is there a technet article explaining this anywhere?