在远程文件/目录上设置ACL时发生未经授权的操作

发布于 2024-08-17 07:48:00 字数 1981 浏览 1 评论 0原文

完全重复： https://stackoverflow.com/posts/2035107

尝试文件删除和保存操作在远程位置。当作为控制台应用程序运行时，它工作正常，但从 XP_CMDSHELL（SQL 服务器）调用时失败运行时出现的异常

[4804] System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.

这是从 XP_CMDShell [4804] 在 System.Security.AccessControl.Win32.GetSecurityInfo(ResourceType resourceType, String name, SafeHandle handle, AccessControlSections accessControlSections, RawSecurityDescriptor& resultSd) [4804]在System.Security.AccessControl.NativeObjectSecurity.CreateInternal（ResourceType资源类型，布尔isContainer，字符串名称，SafeHandle句柄，AccessControlSections includeSections，布尔createByName，ExceptionFromErrorCode异常FromErrorCode，对象ExceptionContext） [4804] 在 System.Security.AccessControl.FileSystemSecurity..ctor（布尔值 isContainer、字符串名称、AccessControlSections includeSections、布尔值 isDirectory） [4804] 在 System.Security.AccessControl.DirectorySecurity..ctor（字符串名称，AccessControlSections includeSections） [4804] 在 System.IO.DirectoryInfo.GetAccessControl（AccessControlSections includeSections） [4804]位于 D:\SAABZX01D\dev\libraries\EXCEL\Class1.cs 中的 Excel.SetAcl(字符串文件名，字符串帐户)：第 228 行 [4804]位于 D:\SAABZX01D\dev\libraries\EXCEL\Class1.cs 中的 Excel.doKEStats(String baanId, String fromDate, String toDate):第 87 行

这是代码

 public static  bool SetAcl(string filename,string account)
    {
        FileSystemAccessRule rule = new FileSystemAccessRule(account, FileSystemRights.FullControl, AccessControlType.Allow);
         string path= System.IO.Directory.GetDirectoryRoot(filename);
      System.IO.DirectoryInfo di = new System.IO.DirectoryInfo(filename);


      bool what = false;
      DirectorySecurity security = di.GetAccessControl(AccessControlSections.Access);
      security.ModifyAccessRule(AccessControlModification.Add, rule, out what);




      di.SetAccessControl(security);
      return what;

    }

原文

Exact duplicate of: https://stackoverflow.com/posts/2035107

Trying file delete and save operation on a remote location.
When run as a console App, it works fine but fails when called from XP_CMDSHELL (SQL server)
Here is the exception when run from XP_CMDShell

[4804] System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.

[4804] at System.Security.AccessControl.Win32.GetSecurityInfo(ResourceType resourceType, String name, SafeHandle handle, AccessControlSections accessControlSections, RawSecurityDescriptor& resultSd)
[4804] at System.Security.AccessControl.NativeObjectSecurity.CreateInternal(ResourceType resourceType, Boolean isContainer, String name, SafeHandle handle, AccessControlSections includeSections, Boolean createByName, ExceptionFromErrorCode exceptionFromErrorCode, Object exceptionContext)
[4804] at System.Security.AccessControl.FileSystemSecurity..ctor(Boolean isContainer, String name, AccessControlSections includeSections, Boolean isDirectory)
[4804] at System.Security.AccessControl.DirectorySecurity..ctor(String name, AccessControlSections includeSections)
[4804] at System.IO.DirectoryInfo.GetAccessControl(AccessControlSections includeSections)
[4804] at Excel.SetAcl(String filename, String account) in D:\SAABZX01D\dev\libraries\EXCEL\Class1.cs:line 228
[4804] at Excel.doKEStats(String baanId, String fromDate, String toDate) in D:\SAABZX01D\dev\libraries\EXCEL\Class1.cs:line 87

Here is the code

 public static  bool SetAcl(string filename,string account)
    {
        FileSystemAccessRule rule = new FileSystemAccessRule(account, FileSystemRights.FullControl, AccessControlType.Allow);
         string path= System.IO.Directory.GetDirectoryRoot(filename);
      System.IO.DirectoryInfo di = new System.IO.DirectoryInfo(filename);


      bool what = false;
      DirectorySecurity security = di.GetAccessControl(AccessControlSections.Access);
      security.ModifyAccessRule(AccessControlModification.Add, rule, out what);




      di.SetAccessControl(security);
      return what;

    }

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

油焖大侠 2024-08-24 07:48:00

问题是 DirectoryInfo 提供了完整路径（包括文件名）。
这是修改后的代码，可以运行。

 public static bool SetAcl(string filename, string account)
{
    FileSystemAccessRule rule = new FileSystemAccessRule(account, FileSystemRights.Write, AccessControlType.Allow);

    PermissionSet fp = new PermissionSet(PermissionState.Unrestricted);
    fp.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, new string[] { filename }));
    fp.AddPermission(new FileIOPermission(FileIOPermissionAccess.Write | FileIOPermissionAccess.PathDiscovery, new string[] { filename }));
    fp.Assert();

    System.IO.DirectoryInfo di = new System.IO.DirectoryInfo(System.IO.Path.GetDirectoryName(filename));


    bool what = false;
    DirectorySecurity security = di.GetAccessControl();

    security.ModifyAccessRule(AccessControlModification.Add, rule, out what);
    di.SetAccessControl(security);
    return what;

}

The problem was DirectoryInfo presented with full path (including file name)..
Here is the modified code that works..

 public static bool SetAcl(string filename, string account)
{
    FileSystemAccessRule rule = new FileSystemAccessRule(account, FileSystemRights.Write, AccessControlType.Allow);

    PermissionSet fp = new PermissionSet(PermissionState.Unrestricted);
    fp.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, new string[] { filename }));
    fp.AddPermission(new FileIOPermission(FileIOPermissionAccess.Write | FileIOPermissionAccess.PathDiscovery, new string[] { filename }));
    fp.Assert();

    System.IO.DirectoryInfo di = new System.IO.DirectoryInfo(System.IO.Path.GetDirectoryName(filename));


    bool what = false;
    DirectorySecurity security = di.GetAccessControl();

    security.ModifyAccessRule(AccessControlModification.Add, rule, out what);
    di.SetAccessControl(security);
    return what;

}

回复收藏 0 原文