C# - Windows ACL - 应用继承的权限
我在以编程方式向文件夹/注册表项分配权限时遇到问题。我已设法使用以下代码分配继承权限:
FileSystemAccessRule rule = new FileSystemAccessRule(LOGON_USER_NAME,
FileSystemRights.FullControl, InheritanceFlags.ContainerInherit |
InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly,
AccessControlType.Allow);
DirectorySecurity security = new DirectorySecurity();
security.SetAccessRule(rule);
Directory.CreateDirectory(dir);
Directory.SetAccessControl(dir, security);
这正确设置了我作为管理员创建的所有子文件夹的文件权限。但是,它不会设置 dir 文件夹本身的权限。我尝试过一些继承和传播的排列,但没有任何乐趣。
例如,我有:
dir = %programfiles%\Test
如果我在测试中创建了一个文件夹(%programfiles%\Test\SubFolder),我拥有为我的用户分配给它的完全权限,但我没有%programfiles%\Test。这真的很烦人,因为我想授予我的用户完全权限来对 Test 目录执行任何操作。
我在注册表权限方面遇到了类似的问题,但我相信,如果我能解决其中一个问题,我就可以解决这两个问题。
有谁知道如何解决这个问题?
问候
特里斯
I've been having problems programatically assigning permissions to Folders / Registry entries. I have managed to assign inheriting permissions using the following code:
FileSystemAccessRule rule = new FileSystemAccessRule(LOGON_USER_NAME,
FileSystemRights.FullControl, InheritanceFlags.ContainerInherit |
InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly,
AccessControlType.Allow);
DirectorySecurity security = new DirectorySecurity();
security.SetAccessRule(rule);
Directory.CreateDirectory(dir);
Directory.SetAccessControl(dir, security);
This correctly sets my file permissions on all the child folders i create as an administrator. However, it does not set the permissions on the dir folder itself. I've played around with a fair few permutations for inheritance and propogation, but not had any joy.
For example, I have:
dir = %programfiles%\Test
If i have created a folder in test (%programfiles%\Test\SubFolder), I have full permissions assigned to it for my user, but I do not have full permissions on %programfiles%\Test. This is really annoying, as I would like to give my user full permissions to do whatever with the Test directory as well.
I am having similar problems with registry permissions, but I believe that if i can solve one, i can solve both of the outstanding issues.
Does anyone know how this can be resolved?
Regards
Tris
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
对于文件夹:
对于子文件夹和文件:
这两行都需要位于您的项目中。然后您将获得适用于该文件夹、子文件夹和文件的 acl
For the folder:
For subfolders and files:
both lines need to be in your project. then you get acls that apply to this folder, subfolders and files
我算不上这方面的专家,但在为了我自己的目的而必须弄清楚这一点之后,我相信戴夫的答案虽然有效,但过于复杂。您应该能够仅使用一个规则来实现此目的:
OP 在其原始代码中使用的
PropagationFlags.InheritOnly参数阻止访问规则应用于对象本身。另外,您还可以在创建目录时设置目录的安全性,因为 .NET 为此提供了重载:
I'm hardly an expert here, but after having to figure this out for my own purposes, I believe that Dave's answer, although functional, is overly complicated. You should be able to achieve this with just one rule:
The
PropagationFlags.InheritOnlyparameter used by the OP in their original code is what prevents the access rule from applying to the object itself.Also, you might as well set the directory's security as you're creating it, since .NET provides an overload for just that purpose: