Setting NTFS Permissions with C#

Today I needed to set NTFS permissions in C# on some newly created directories.

No problem, I thought; the CLR will have something for it somewhere in Security, so I checked Google in the hope of finding which class to use.

But Google didn't find anything... This amazed me. "Why can't I control NTFS permissions with .NET ?!?"

After looking for an hour or so, I found a GotDotNet User Sample, called 'ACLs in .NET'. Finally I thought, now it's going to be plug in and set rights.

Well, this library is great. It makes setting NTFS rights so easy.

But it lacks a bit in documentation. Therefore I'm providing some of the code I used with it; it could help you (or it could show my possibly bad coding style; as far as my knowledge goes for now, it should be fine).

Reference the dll, and use it.

using System;
using System.IO;
using Microsoft.Win32.Security;


Here's a method to add a dir, and set NTFS permissions on it for a given user:

private Boolean CreateDir(String strSitePath, String strUserName) {
       Boolean bOk;
       try {
              Directory.CreateDirectory(strSitePath);

              // read the current DACL of the new directory
              SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
              Dacl dacl = secDesc.Dacl;
              Sid sidUser = new Sid (strUserName);

              // allow: folder, subfolder and files
              // modify
              dacl.AddAce (new AceAccessAllowed (sidUser, AccessType.GENERIC_WRITE | AccessType.GENERIC_READ | AccessType.DELETE | AccessType.GENERIC_EXECUTE , AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE));

              // deny: this folder (no inheritance flags are passed)
              // write attribs
              // write extended attribs
              // delete
              // change permissions
              // take ownership
              DirectoryAccessType DAType = DirectoryAccessType.FILE_WRITE_ATTRIBUTES | DirectoryAccessType.FILE_WRITE_EA | DirectoryAccessType.DELETE | DirectoryAccessType.WRITE_OWNER | DirectoryAccessType.WRITE_DAC;
              AccessType AType = (AccessType)DAType;
              dacl.AddAce (new AceAccessDenied (sidUser, AType));

              // write the modified DACL back to the directory
              secDesc.SetDacl(dacl);
              secDesc.SetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
              bOk = true;
       } catch {
              // any failure (directory creation, SID lookup, ACL update) is reported as false;
              // the directory may already exist at this point with only its inherited permissions
              bOk = false;
       }
       return bOk;
} /* CreateDir */


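The AceFlags determine how the ACE is inherited: OBJECT_INHERIT_ACE passes it on to files in the folder and CONTAINER_INHERIT_ACE passes it on to subfolders. The deny ACE is created without any flags, so it applies to this folder only.

The DirectoryAccessType is used to create an AccessType with some permissions that are not in the AccessType enum.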

I hope this is useful.

Estreat  From http://weblogs.asp.net/cumpsd/archive/2004/02/08/69403.aspx

posted on 2005-08-03 19:34  房客
