Create Directory and give user FullControl problem_问答_开发者

Create Directory and give user FullControl problem

开发者 https://www.devze.com 2023-01-16 16:52 出处：网络

I am having a problem creating a directory with specific permissions. //Make sure Tools directory exists

相关专题：

I am having a problem creating a directory with specific permissions.

        //Make sure Tools directory exists
        DirectoryInfo oMyDirectoryInfo = new DirectoryInfo(oInstance.szToolsPath);
        if (!oMyDirectoryInfo.Exists)
        {
            oMyDirectoryInfo.Create();
            DirectorySecurity oDirectorySecurity = oMyDirectoryInfo.GetAccessControl();
            oDirectorySecurity.AddAccessRule(new FileSystemAccessRule((Settings.Default.LoginDomain + "\\" + Settings.Default.LoginUsername), FileSystemRights.FullControl, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
            oMyDirectoryInfo.SetAccessControl(oDirectorySecurity);
        }

Now this creates the directory and I can see that the Login has been added to the security tab. However when I Impersonate the Login and try and copy files to that directory I get a Unauthorized Exception. I can create a file (no data), I can create a folde开发者_JAVA技巧r but I cannot write data to files (but I set FullControl :/)

I dug further in to the permissions through Windows and I see that it applies to subfolders but I would like to set this to files too. How do I do this through code?

This is on Windows 7

When you are creating your FileSystemAccessRule, you are specifying InheritanceFlags.ContainerInherit. This propagates the mask to child containers. If you want to apply to leaf objects (files in your case), you need to specify InheritanceFlags.ObjectInherit, or for both,

 InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit

Use this to add access rule

string adminUserName = Environment.UserName;
            DirectorySecurity dirService = Directory.GetAccessControl(directory + hexID);
            FileSystemAccessRule fsa = new FileSystemAccessRule(adminUserName,FileSystemRights.FullControl, AccessControlType.Deny);

            dirService.AddAccessRule(fsa);//add
            Directory.SetAccessControl(directory + hexID, dirService);

and use this to remove access rule

string adminUserName = Environment.UserName;
            DirectorySecurity dirService = Directory.GetAccessControl(directory + hexID);
            FileSystemAccessRule fsa = new FileSystemAccessRule(adminUserName, FileSystemRights.FullControl, AccessControlType.Deny);

            dirService.RemoveAccessRule(fsa);//remove
            Directory.SetAccessControl(directory + hexID, dirService);