C# 文件/目录权限
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/429864/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
C# File/Directory Permissions
提问by Jerry
I am writing an application to manage user access to files. The short version of a very long story is that I have to use directory and file priveleges to do it. No document management system for our cheap CEO...
我正在编写一个应用程序来管理用户对文件的访问。一个很长的故事的简短版本是我必须使用目录和文件权限来做到这一点。我们廉价的 CEO 没有文件管理系统......
Anyway... I have everything working except the case where the user can view which files are in the directory but not actually see the contents of the file. (There may be sensitive HR data in the files.)
无论如何......除了用户可以查看目录中的文件但实际上看不到文件内容的情况外,我一切正常。(文件中可能包含敏感的 HR 数据。)
I tried FileSystemRights.ListDirectory, but that seems to (dispite MS documentation) set ReadData to true as well. I turn off ReadData (the ability to read the files) and I suddenly have no access to the directory again. The two appear linked.
我尝试了 FileSystemRights.ListDirectory,但这似乎(尽管 MS 文档)也将 ReadData 设置为 true。我关闭了 ReadData(读取文件的能力),突然又无法访问该目录。两者似乎是有联系的。
Any ideas for which permission(s) to set to achieve this?
有什么想法可以设置哪些权限来实现这一目标?
My current code is:
我目前的代码是:
SetSecurity(pth, usr, FileSystemRights.ListDirectory, AccessControlType.Allow);
...
public void SetSecurity(string dirName, string account,
FileSystemRights rights, AccessControlType controlType)
{
// Get a FileSecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = Directory.GetAccessControl(dirName);
dSecurity.AddAccessRule(new FileSystemAccessRule(account, rights, controlType));
// Set the new access settings.
Directory.SetAccessControl(dirName, dSecurity);
}
Thanks.
谢谢。
--Jerry
- 杰瑞
采纳答案by Eric Rosenberger
The FileSystemRights enum maps both ReadData and ListDirectory to the value 1, so the two are 100% equivalent as far as .NET is concerned.
FileSystemRights 枚举将 ReadData 和 ListDirectory 映射到值 1,因此就 .NET 而言,两者是 100% 等效的。
Have you tried Traverse as opposed to ListDirectory?
您是否尝试过 Traverse 而不是 ListDirectory?
Edit: Based on thisKB article it appears that Windows XP considers them to be the same too, just one applies only to files, and one applies only to directories.
编辑:根据这篇知识库文章,Windows XP 似乎也认为它们是相同的,只有一个仅适用于文件,一个仅适用于目录。
Edit 2: As long as you set the ReadData/ListDirectory access rule to NOT be inherited by child objects, you should be able to apply it to the directory without applying it to the files in the directory. The FileSystemAccessRule class does support changing inheritance flags.
编辑 2:只要您将 ReadData/ListDirectory 访问规则设置为不被子对象继承,您应该能够将其应用于目录而不将其应用于目录中的文件。FileSystemAccessRule 类确实支持更改继承标志。
回答by scottm
The files are probably inheriting the security properties from parent.
这些文件可能从父级继承了安全属性。
You may try calling DirectorySecurity.SetAccessRuleProtection(true, false)to prevent the files from inheriting, before calling Directory.SetAccessControl();
在调用 Directory.SetAccessControl(); 之前,您可以尝试调用DirectorySecurity.SetAccessRuleProtection(true, false)以防止文件继承。
回答by Jerry
Yep. Traverse (I think it's mis-named) allows me to execute a program within a folder, but NOT view the contents of a folder. Not sure why this is useful, to be honest.
是的。Traverse(我认为它的名称有误)允许我在文件夹内执行程序,但不能查看文件夹的内容。老实说,不确定为什么这很有用。
I'm about to tell the CEO that it can't be done and watch the sparks fly again. :P
我正要告诉 CEO 这不可能完成,然后眼睁睁地看着火花再次飞扬。:P
回答by Kwon Ekstrom
It's the inheritance and propagation values which aren't being set when the FileSystemAccessRule is being instantiated..
这是在实例化 FileSystemAccessRule 时未设置的继承和传播值。
