C# 如何为所有用户授予我的应用程序创建的文件的完全权限?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9108399/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to grant full permission to a file created by my application for ALL users?
提问by nawfal
The tool I develop needs to grant access rights "Full Control" to a file created by it. It needs to be read, modified and deleted from all windows accounts and even possible future accounts. Could this be achieved?
我开发的工具需要为其创建的文件授予“完全控制”访问权限。它需要从所有 Windows 帐户甚至可能的未来帐户中读取、修改和删除。这能实现吗?
I know I can try this for a SPECIFIC_USER:
我知道我可以为特定用户尝试这个:
FileSystemAccessRule rule = new FileSystemAccessRule(SPECIFIC_USER, FileSystemRights.FullControl, AccessControlType.Allow);
FileSecurity fSecurity = File.GetAccessControl(filePath);
fSecurity.SetAccessRule(rule);
File.SetAccessControl(filePath, fSecurity);
But how do I grant it to all users? And even possible future accounts? If the latter part is not possible, how to go about the first requirement?
但是我如何将它授予所有用户?甚至可能的未来账户?如果后一部分是不可能的,那么第一个要求怎么办?
Thanks.
谢谢。
EDIT:
编辑:
This is the code which worked for me. Taken from the answerer's link.
这是对我有用的代码。摘自回答者的链接。
private bool GrantAccess(string fullPath)
{
DirectoryInfo dInfo = new DirectoryInfo(fullPath);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
dSecurity.AddAccessRule(new FileSystemAccessRule(
new SecurityIdentifier(WellKnownSidType.WorldSid, null),
FileSystemRights.FullControl,
InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit,
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow));
dInfo.SetAccessControl(dSecurity);
return true;
}
Note the PropagationFlags.NoPropagateInheritwhich is required (mentioned towards the last in the link). It does grant privilege to even future accounts.
请注意PropagationFlags.NoPropagateInherit这是必需的(在链接中的最后一个提到)。它确实为未来的帐户授予特权。
采纳答案by Angelo Vargas
Note to people using this.
请注意使用此功能的人。
When using literal strings for the FileSystemAccessRule, it should be WellKnownSidType.WorldSidinstead of "everyone".
当为 使用文字字符串时FileSystemAccessRule,它应该WellKnownSidType.WorldSid代替"everyone"。
The reason is because there are multiple Window languages and Everyone only applies to EN ones, so for Spanish, it might be "Todos" (or something else).
原因是因为有多种Window语言,而Everyone只适用于EN语言,所以对于西班牙语,它可能是“Todos”(或其他东西)。
using System.Security.AccessControl;
using System.Security.Principal;
using System.IO;
private void GrantAccess(string fullPath)
{
DirectoryInfo dInfo = new DirectoryInfo(fullPath);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
dSecurity.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInherit, AccessControlType.Allow));
dInfo.SetAccessControl(dSecurity);
}
