为什么我在C#中无法设置这个ACL规则?
我的 C# 应用程序在 Vista SP1 上以提升的管理员身份运行,尝试使用以下代码设置以下规则。 不会产生任何错误,但目录的 ACL 也不会发生任何更改。 我缺少什么?
public static void Main( string args[] )
{
string dirPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData), "Company"), "Product" );
Directory.Create(dirPath);
_SetAcl(dirPath, "Users", FileSystemRights.FullControl);
}
private static void _SetAcl(string path, string identity, FileSystemRights rights)
{
var info = new DirectoryInfo(path);
var acl = info.GetAccessControl();
var rule1 = new FileSystemAccessRule(identity, rights, AccessControlType.Allow);
bool modified;
acl.ModifyAccessRule(AccessControlModification.Reset, rule1, out modified);
var inheritanceFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
var rule2 = new FileSystemAccessRule(identity, rights, inheritanceFlags,
PropagationFlags.InheritOnly, AccessControlType.Allow);
acl.ModifyAccessRule(AccessControlModification.Add, rule2, out modified);
}
更新: 只需添加以下代码作为 _SetAcl 方法的最后一行,我的代码就可以运行了。
info.SetAccessControl(acl);
Running as an elevated admin on Vista SP1, my C# app tries to set the following rule with the following code. No error is produced, but neither is any change on the directory's ACL. What am I missing?
public static void Main( string args[] )
{
string dirPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData), "Company"), "Product" );
Directory.Create(dirPath);
_SetAcl(dirPath, "Users", FileSystemRights.FullControl);
}
private static void _SetAcl(string path, string identity, FileSystemRights rights)
{
var info = new DirectoryInfo(path);
var acl = info.GetAccessControl();
var rule1 = new FileSystemAccessRule(identity, rights, AccessControlType.Allow);
bool modified;
acl.ModifyAccessRule(AccessControlModification.Reset, rule1, out modified);
var inheritanceFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
var rule2 = new FileSystemAccessRule(identity, rights, inheritanceFlags,
PropagationFlags.InheritOnly, AccessControlType.Allow);
acl.ModifyAccessRule(AccessControlModification.Add, rule2, out modified);
}
Update: Just add the following code as the last line of the _SetAcl method, and my code is good to go.
info.SetAccessControl(acl);
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
要完成该过程,您必须使用修改后的 ACL 调用 DirectoryInfo.SetAccessControl()。
GetAccessControl() 实际上返回 ACL 的副本。 您可以随意修改它,但只有调用 SetAccessControl() 后才会生效
To finish the process you must call DirectoryInfo.SetAccessControl() with the modified ACL.
GetAccessControl() really returns a copy of the ACL. You're free to modify it but it won't take effect until you call SetAccessControl()