Duplicate GetAccessRules, FileSystemAccessRule entries

Posted on 2024-09-14 18:51:23

I'm getting a duplicate FileSystemAccessRule from this code below:

C:\inetpub\wwwroot\AspInfo\Account
BUILTIN\IIS_IUSRS : Allow : ReadAndExecute, Synchronize
BUILTIN\IIS_IUSRS : Allow : -1610612736
NT SERVICE\TrustedInstaller : Allow : FullControl
NT SERVICE\TrustedInstaller : Allow : 268435456

and I can't work out what or why it is.

And the permissions being shown don't match what I can see in the File Manager properties.
For example, how do I find the "List Folder Contents" permission from this or a similar iteration? If anyone knows of an example within the .NET docs it would be helpful.

protected void directoryInfo()
{
  var di = new DirectoryInfo(Server.MapPath("/"));
  foreach (DirectoryInfo dir in di.GetDirectories())
  {
    Response.Write(dir.FullName + "<br/>");
    DirectorySecurity ds = dir.GetAccessControl();
    foreach (FileSystemAccessRule fsar in ds.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
    {
      string userName = fsar.IdentityReference.Value;
      string userRights = fsar.FileSystemRights.ToString();
      string userAccessType = fsar.AccessControlType.ToString();
      Response.Write(userName + " : " + userAccessType + " : " + userRights + "<br/>");
    }
  }
}

Comments (1)

淡莣 2024-09-21 18:51:23

You will get separate rule entries for inherited rules and for rules that are explicitly set on that folder. There is also a difference depending on the propagation settings on each rule. For example, you can have one set of permissions that are set to propagate to subfolders, and a different set to files within the folder. Your code is also getting the audit rules (SACL) on the folder where you seem to just be wanting the access permissions (DACL).

Try this:

protected void directoryInfo()
{
  var di = new DirectoryInfo(Server.MapPath("/"));
  foreach (DirectoryInfo dir in di.GetDirectories())
  {
    Response.Write(dir.FullName + "<br/>");
    DirectorySecurity ds = dir.GetAccessControl(AccessControlSections.Access);
    foreach (FileSystemAccessRule fsar in ds.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
    {
      string userName = fsar.IdentityReference.Value;
      string userRights = fsar.FileSystemRights.ToString();
      string userAccessType = fsar.AccessControlType.ToString();
      string ruleSource = fsar.IsInherited ? "Inherited" : "Explicit";
      string rulePropagation = fsar.PropagationFlags.ToString();
      string ruleInheritance = fsar.InheritanceFlags.ToString();
      Response.Write(userName + " : " + userAccessType + " : " + userRights + " : " + ruleSource + " : " + rulePropagation + " : " + ruleInheritance + "<br/>");
    }
  }
}

The ReadAndExecute permission you're seeing includes the "List Folder Contents" permission. You can check for individual permissions by using the appropriate flag in the FileSystemRights enum. For example:

// Flags enum: test a single right with a bitwise AND, not the logical && operator.
if ((fsar.FileSystemRights & FileSystemRights.ListDirectory) != 0)
  Console.WriteLine("Has List Directory permission");
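
An added example, not part of the answer above or of the .NET documentation: it decodes the two raw values from the question's output (-1610612736 and 268435456) as Win32 generic access bits, which FileSystemRights has no names for, and expands them with the standard file generic mapping before testing ListDirectory. The class and method names are made up for illustration.

```csharp
using System;
using System.Security.AccessControl;

// Added example: expands Win32 generic access bits into the specific
// file rights they stand for, so flag tests work on such entries too.
static class GenericRightsDecoder
{
    // Generic access bits from the Win32 ACCESS_MASK layout.
    const uint GenericRead    = 0x80000000;
    const uint GenericWrite   = 0x40000000;
    const uint GenericExecute = 0x20000000;
    const uint GenericAll     = 0x10000000;

    public static FileSystemRights Expand(FileSystemRights rights)
    {
        uint raw = unchecked((uint)(int)rights);
        // Keep the specific and standard rights, drop the four generic bits.
        var result = (FileSystemRights)(int)(raw & 0x0FFFFFFF);

        // Standard generic mapping for file and directory objects.
        if ((raw & GenericAll) != 0)
            result |= FileSystemRights.FullControl;
        if ((raw & GenericRead) != 0)
            result |= FileSystemRights.Read | FileSystemRights.Synchronize;
        if ((raw & GenericWrite) != 0)
            result |= FileSystemRights.Write | FileSystemRights.ReadPermissions
                    | FileSystemRights.Synchronize;
        if ((raw & GenericExecute) != 0)
            result |= FileSystemRights.ExecuteFile | FileSystemRights.ReadAttributes
                    | FileSystemRights.ReadPermissions | FileSystemRights.Synchronize;
        return result;
    }

    // True when every bit of 'flag' is granted once generic bits are expanded.
    public static bool Has(FileSystemRights rights, FileSystemRights flag)
        => (Expand(rights) & flag) == flag;

    static void Main()
    {
        // The two raw values are copied from the question's output.
        foreach (int value in new[] { -1610612736, 268435456 })
        {
            var rights = (FileSystemRights)value;
            Console.WriteLine($"{value} (0x{value:X8}) -> {Expand(rights)}");
            Console.WriteLine($"  ListDirectory: {Has(rights, FileSystemRights.ListDirectory)}");
        }
    }
}
```

In the loop from the answer, call Expand(fsar.FileSystemRights) before ToString() to print names instead of raw numbers.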