C# - Windows ACL - 应用继承权限
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1411743/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
C# - Windows ACL - Applying Inherited Permissions
提问by Jeremy
I've been having problems programatically assigning permissions to Folders / Registry entries. I have managed to assign inheriting permissions using the following code:
我一直在以编程方式为文件夹/注册表项分配权限时遇到问题。我已设法使用以下代码分配继承权限:
FileSystemAccessRule rule = new FileSystemAccessRule(LOGON_USER_NAME, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow);
DirectorySecurity security = new DirectorySecurity();
security.SetAccessRule(rule);
Directory.CreateDirectory(dir);
Directory.SetAccessControl(dir, security);
This correctly sets my file permissions on all the child folders i create as an administrator. However, it does not set the permissions on the dirfolder itself. I've played around with a fair few permutations for inheritance and propogation, but not had any joy.
这正确设置了我以管理员身份创建的所有子文件夹的文件权限。但是,它不会设置dir文件夹本身的权限。我玩过一些继承和传播的排列,但没有任何乐趣。
For example, I have:
例如,我有:
dir = %programfiles%\Test
If i have created a folder in test (%programfiles%\Test\SubFolder), I have full permissions assigned to it for my user, but I do not have full permissions on %programfiles%\Test. This is really annoying, as I would like to give my user full permissions to do whatever with the Test directory as well.
如果我在 test ( %programfiles%\Test\SubFolder) 中创建了一个文件夹,我为我的用户分配了完全权限,但我没有完全权限%programfiles%\Test。这真的很烦人,因为我想授予我的用户对 Test 目录执行任何操作的完全权限。
I am having similar problems with registry permissions, but I believe that if i can solve one, i can solve both of the outstanding issues.
我在注册表权限方面遇到了类似的问题,但我相信如果我能解决一个问题,我就能解决两个悬而未决的问题。
Does anyone know how this can be resolved?
有谁知道如何解决这个问题?
Regards
Tris
问候
特丽丝
回答by Dave
For the folder:
对于文件夹:
FileSystemAccessRule rule = new FileSystemAccessRule(LOGON_USER_NAME,
FileSystemRights.FullControl, AccessControlType.Allow);
For subfolders and files:
对于子文件夹和文件:
FileSystemAccessRule rule = new FileSystemAccessRule(LOGON_USER_NAME,
FileSystemRights.FullControl, InheritanceFlags.ContainerInherit |
InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly,
AccessControlType.Allow);
both lines need to be in your project. then you get acls that apply to this folder, subfolders and files
两条线都需要在您的项目中。然后你会得到适用于这个文件夹、子文件夹和文件的 acls
回答by Jeremy
I'm hardly an expert here, but after having to figure this out for my own purposes, I believe that Dave's answer, although functional, is overly complicated. You should be able to achieve this with just one rule:
我在这里算不上专家,但在为了我自己的目的而不得不弄清楚这一点之后,我相信 Dave 的答案虽然实用,但过于复杂。您应该能够通过一条规则来实现这一目标:
FileSystemAccessRule rule = new FileSystemAccessRule(LOGON_USER_NAME,
FileSystemRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow);
The PropagationFlags.InheritOnlyparameter used by the OP in their original code is what prevents the access rule from applying to the object itself.
PropagationFlags.InheritOnlyOP 在其原始代码中使用的参数阻止了访问规则应用于对象本身。
Also, you might as well set the directory's security as you're creating it, since .NET provides an overload for just that purpose:
此外,您也可以在创建目录时设置目录的安全性,因为 .NET 仅为此目的提供了重载:
Directory.CreateDirectory(dir, security);
