文件系统权限问题 (C#)
我对文件系统和权限/权限访问(又名访问控制列表,ACL)相当陌生。在针对 ACL 进行编码时,我无法为文件设置我想要的属性。我不确定我对 FileSystemRights 成员的理解是否错误,或者我完全做错了。 (我已经在这部分上花了相当多的时间)
我想做的是更改文件的权限,以便它只能完全可读,并且不能在其他地方编辑、重命名、删除和复制。
使用 MSDN 的示例,这是我到目前为止所拥有的:
try
{
//Get current identity
WindowsIdentity self = System.Security.Principal.WindowsIdentity.GetCurrent();
// Add the access control entry to the file.
AddFileSecurity(filename, self.Name, FileSystemRights.Modify, AccessControlType.Deny);
AddFileSecurity(filename, self.Name, FileSystemRights.Write, AccessControlType.Deny);
AddFileSecurity(filename, self.Name, FileSystemRights.ReadAndExecute, AccessControlType.Allow);
// Remove the access control entry from the file.
RemoveFileSecurity(filename, self.Name, FileSystemRights.ReadAndExecute, AccessControlType.Deny);
RemoveFileSecurity(filename, self.Name, FileSystemRights.Read, AccessControlType.Deny);
Console.WriteLine("Done.");
}
catch (Exception e)
{
Console.WriteLine(e);
}
我的逻辑是:
- 添加拒绝修改权限(拒绝 .Modify 将导致文件变得不可读)
- 添加拒绝写入权限
- 添加允许 ReadAndExecute 权限
- 删除 ReadAndExecute 上的拒绝条目(与 .Modify 一样)拒绝读取和执行)
- 删除拒绝读取条目(如.修改拒绝读取)
我是否正确执行此部分?如果不是,请告知我应该做什么才能使该文件只能读取而不能编辑、重命名、删除和复制。非常感谢!
I'm fairly new to file systems and permissions/rights access (aka Access Control List, ACL). While coding with regards to ACL, I am not able to set properties I want to the files. I'm unsure if my understanding of FileSystemRights members are wrong, or I'm totally doing the wrong thing. (And I'm spending quite some time on this part already)
What I'd like to do is change the rights of a file, so that it can only be soelly readable AND cannot be edited, renamed, deleted and copied elsewhere.
Using the MSDN's example, here's what I have so far:
try
{
//Get current identity
WindowsIdentity self = System.Security.Principal.WindowsIdentity.GetCurrent();
// Add the access control entry to the file.
AddFileSecurity(filename, self.Name, FileSystemRights.Modify, AccessControlType.Deny);
AddFileSecurity(filename, self.Name, FileSystemRights.Write, AccessControlType.Deny);
AddFileSecurity(filename, self.Name, FileSystemRights.ReadAndExecute, AccessControlType.Allow);
// Remove the access control entry from the file.
RemoveFileSecurity(filename, self.Name, FileSystemRights.ReadAndExecute, AccessControlType.Deny);
RemoveFileSecurity(filename, self.Name, FileSystemRights.Read, AccessControlType.Deny);
Console.WriteLine("Done.");
}
catch (Exception e)
{
Console.WriteLine(e);
}
My logic is that:
- Add Deny Modify rights (Denying .Modify will cause the file to become unreadable)
- Add Deny Write rights
- Add Allow ReadAndExecute rights
- Remove Deny entry on ReadAndExecute (As .Modify denies ReadAndExecute)
- Remove Deny entry on Read (As .Modify denies Read)
Am I doing this part correctly? If not, please advise on what should I do to make the file only readable only and not editable, renamable, deletable and copiable. Many thanks in advance!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
请解释一下它做错了什么。我看到的唯一可能存在问题的是您正在为自己设置权限,而不是为其他用户或组设置权限。也许您应该遍历所有组(管理员、用户等)并禁用除读取和执行之外的所有组。虽然我认为SYSTEM始终拥有对所有文件的完全控制权。
Please explain what it is doing wrong. The only thing I see that may be an issue is that you're setting the permissions for yourself, but not the other users, or groups. Perhaps you should iterate through all the groups (admins, users, etc) and disable all but read&execute. Although I think SYSTEM always has full control of all files.