非管理用户的文件处理
我一直在测试我的应用程序,看看它在由非管理用户运行时的运行情况如何,并且我发现了文件处理方面的问题。如果文件是由管理员用户创建的,我在尝试覆盖文件时收到 UnauthorizedAccessException。
写出文件时,我首先将文件创建为 .tmp 文件,然后使用 File.Copy 覆盖原始文件。创建了 .tmp 文件,但 File.Copy 失败。我的文件被写入公共目录(XP 中的“C:\Documents and Settings\All Users\Application Data”)。
我该怎么做才能让所有用户都能完全控制应用程序文件?
我发现这个:
System.Security.AccessControl.DirectorySecurity sec =
System.IO.Directory.GetAccessControl ( directory );
FileSystemAccessRule accRule = new FileSystemAccessRule ( Globals.userIdentity,
FileSystemRights.FullControl, AccessControlType.Allow );
sec.AddAccessRule ( accRule );
对所有文件所在的目录执行上述操作会解决此问题吗?或者我必须对每个文件做一些事情?如果是的话那是什么东西?
编辑:
非管理员用户无法修改管理员用户创建的文件。这不好。我需要所有用户都可以编辑所有文件。最初创建文件时是否没有可以设置某种权限来授予此权限?
I've been testing my application to see how well it works when run by a non-administrative user, and I have found problems with file handling. I am getting an UnauthorizedAccessException when trying to overwrite a file, if the file was created by and adminstrative user.
When writing out the file I first create the file as a .tmp file, then use File.Copy to overwrite the original. The .tmp file gets created, but File.Copy fails. My files are written to a public directory ("C:\Documents and Settings\All Users\Application Data" in XP).
What can I do so that all users can have full control of the application files?
I've found this:
System.Security.AccessControl.DirectorySecurity sec =
System.IO.Directory.GetAccessControl ( directory );
FileSystemAccessRule accRule = new FileSystemAccessRule ( Globals.userIdentity,
FileSystemRights.FullControl, AccessControlType.Allow );
sec.AddAccessRule ( accRule );
Will doing the above to the directory that all the files are located in solve this problem? Or will I have to do something to each file? If so what is that something?
Edit:
Non-admin users cannot modify files created by an admin user. This is not good. I need for all files to be editable by all users. Is there not some sort of permissions that can be set when the file is originally created that will grant this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我刚刚检查了 All Users\Application Data 目录的权限。 “用户”和“高级用户”ACL 没有“删除子文件夹和文件”权限。
他们可以删除自己的文件,因为“CREATOR OWNER”ACL 具有完全控制权。
至于如何解决这个问题,您可以授予每个人所有访问权限,但更好的主意是授予“用户”和“用户”权限。 “高级用户”ACL 对应用程序的 appdata 目录具有“删除子文件夹和文件”权限。
或者,您可以在创建文件时为“用户”和“高级用户”分配文件本身的“删除”和“修改”权限。
I just checked the permissions on the All Users\Application Data directory. The "Users" and "Power Users" ACLs do not have the "Delete Subfolders and Files" permission.
They can delete their own files because the "CREATOR OWNER" ACL has Full Control.
As for how to get around this, you could give everyone all access, but a better idea would be to grant the "Users" & "Power Users" ACLs the "Delete Subfolders and Files" permission on your app's appdata directory.
Alternately, you could assign the "Delete" and "Modify" permissions on the file itself for "Users" and "Power Users" when it's created.
此代码将授予用户对该文件夹的完全访问权限,但是,这可能会再次导致安全失败。
确保您的应用程序始终可以存储信息的最佳方法是通过IsolatedStorage。但是,如果您需要访问应用程序外部的文件,那么这不是最好的解决方案。
This code would give the user full access rights to the folder, however, this might fail on security again.
The best way to make sure your application can always store information is trough the IsolatedStorage. However if you need access to your files outside your application then this is not the best solution.
如果您使用类似的代码在文件创建后让每个人都可以完全访问该文件,怎么样?如果我理解正确的话,文件将始终使用您的应用程序创建,对吗?那么最初创建该文件的用户也将有权调整该文件的安全设置。那么问题就只是在文件创建后设置公共权限,并且所有用户都可以稍后替换该文件。
How about if you use similar code to give everyone full access to the file after it has been created ? If I understand you correctly the files will always be created with your application, right ? Then the user that creates the file in the first place will also have rights to adjust security settings for the file. Then it's just a question of setting public rights to the file once it is created and all users are able to replace the file later on.