C# security permissions file-permissions

文件权限不会继承目录权限

发布于 2024-08-07 11:33:27 字数 1511 浏览 2 评论 0原文

我有一个程序正在为用户输出创建一个安全目录。这是正常工作的，但我在其中创建（或复制到其中）的文件最终仅具有管理员访问权限。

 DirectoryInfo outputDirectory =
            baseOutputDirectory.CreateSubdirectory(outputDirectoryName,
            GetDirectorySecurity(searchHits.Request.UserId));

 ...

private DirectorySecurity GetDirectorySecurity(string owner)
{
    const string LOG_SOURCE = "GetDirectorySecurity";
    DirectorySecurity ds = new DirectorySecurity();

    System.Security.Principal.NTAccount ownerAccount = 
        new System.Security.Principal.NTAccount(owner);

    ds.SetOwner(ownerAccount);

    ds.AddAccessRule(
        new FileSystemAccessRule(owner, 
        FileSystemRights.FullControl,
        AccessControlType.Allow));

    //AdminUsers is a List<string> that contains a list from configuration
    //  That represents the admins who should be allowed
    foreach (string adminUser in AdminUsers)
    {
        ds.AddAccessRule(
            new FileSystemAccessRule(adminUser,
            FileSystemRights.FullControl,
            AccessControlType.Allow));
    }
    return ds;
}

/// <summary>
/// This method copies any static supporting files, such as javascripts
/// </summary>
/// <param name="outputDirectory"></param>
private void CopySupportingFiles(DirectoryInfo outputDirectory)
{
    foreach (FileInfo file in SupportingFiles)
    {
        file.CopyTo(
            Path.Combine(outputDirectory.FullName, file.Name));
    }
}

等等，等等，等等。

我做错了什么？为什么权限不级联？

原文

I have a program that's creating a secure directory for user output. This is working correctly, but the files I create in it (or copy to it) are ending up with only administrator access.

 DirectoryInfo outputDirectory =
            baseOutputDirectory.CreateSubdirectory(outputDirectoryName,
            GetDirectorySecurity(searchHits.Request.UserId));

 ...

private DirectorySecurity GetDirectorySecurity(string owner)
{
    const string LOG_SOURCE = "GetDirectorySecurity";
    DirectorySecurity ds = new DirectorySecurity();

    System.Security.Principal.NTAccount ownerAccount = 
        new System.Security.Principal.NTAccount(owner);

    ds.SetOwner(ownerAccount);

    ds.AddAccessRule(
        new FileSystemAccessRule(owner, 
        FileSystemRights.FullControl,
        AccessControlType.Allow));

    //AdminUsers is a List<string> that contains a list from configuration
    //  That represents the admins who should be allowed
    foreach (string adminUser in AdminUsers)
    {
        ds.AddAccessRule(
            new FileSystemAccessRule(adminUser,
            FileSystemRights.FullControl,
            AccessControlType.Allow));
    }
    return ds;
}

/// <summary>
/// This method copies any static supporting files, such as javascripts
/// </summary>
/// <param name="outputDirectory"></param>
private void CopySupportingFiles(DirectoryInfo outputDirectory)
{
    foreach (FileInfo file in SupportingFiles)
    {
        file.CopyTo(
            Path.Combine(outputDirectory.FullName, file.Name));
    }
}

etc, etc, etc.

What am I doing wrong? Why aren't the permissions cascading?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

素手挽清风 2024-08-14 11:33:27

看起来您应该在设置 DirectorySecurity 时设置 InheritanceFlags 和 PropagationFlags （我相信它会覆盖您手动设置的任何内容）。

private DirectorySecurity GetDirectorySecurity(string owner)
{
    const string LOG_SOURCE = "GetDirectorySecurity";
    DirectorySecurity ds = new DirectorySecurity();

    System.Security.Principal.NTAccount ownerAccount =
        new System.Security.Principal.NTAccount(owner);

    ds.SetOwner(ownerAccount);

    ds.AddAccessRule(
        new FileSystemAccessRule(owner,
        FileSystemRights.FullControl,
        InheritanceFlags.ObjectInherit, 
        PropagationFlags.InheritOnly,
        AccessControlType.Allow));

    //AdminUsers is a List<string> that contains a list from configuration
    //  That represents the admins who should be allowed
    foreach (string adminUser in AdminUsers)
    {
        ds.AddAccessRule(
            new FileSystemAccessRule(adminUser,
            FileSystemRights.FullControl,
            InheritanceFlags.ObjectInherit,
            PropagationFlags.InheritOnly,
            AccessControlType.Allow));
    }
    return ds;
}

It looks like you should be setting the InheritanceFlags and PropagationFlags when setting the DirectorySecurity (I believe it overwrite whatever you've manually set).

private DirectorySecurity GetDirectorySecurity(string owner)
{
    const string LOG_SOURCE = "GetDirectorySecurity";
    DirectorySecurity ds = new DirectorySecurity();

    System.Security.Principal.NTAccount ownerAccount =
        new System.Security.Principal.NTAccount(owner);

    ds.SetOwner(ownerAccount);

    ds.AddAccessRule(
        new FileSystemAccessRule(owner,
        FileSystemRights.FullControl,
        InheritanceFlags.ObjectInherit, 
        PropagationFlags.InheritOnly,
        AccessControlType.Allow));

    //AdminUsers is a List<string> that contains a list from configuration
    //  That represents the admins who should be allowed
    foreach (string adminUser in AdminUsers)
    {
        ds.AddAccessRule(
            new FileSystemAccessRule(adminUser,
            FileSystemRights.FullControl,
            InheritanceFlags.ObjectInherit,
            PropagationFlags.InheritOnly,
            AccessControlType.Allow));
    }
    return ds;
}

回复收藏 0 原文

~没有更多了~