G
Guest
I have a similar issue to Bob Eaton's previous post in that I have an app
that stores data in [CommonAppData]/Company/Application. I need to give the
local/users group 'modify' rights to this folder and have the modify right
propagate to child files and folders.
By the way, 'local/Users' also inherits special permissions on this folder
which allow users to create files/objects and append data. So the first time
a file is saved to this folder by a LUA user it works just fine. However,
they can't edit the content of the files or overwrite them later.
I can set the permissions as part of an installation custom action that runs
with elevated priviledges but I'm having trouble setting the actual
permissions.
The code that I'm trying to use is:
Sub Set_Folder_Permissions()
'Retrieve the Directory Security descriptor for the directory
Dim DirectorySecurity As DirectorySecurity =
Directory.GetAccessControl(Settings.CommonAppDataPath,
AccessControlSections.Access)
'Create a new Access Rule
Dim accessrule As New FileSystemAccessRule("users",
FileSystemRights.Modify, InheritanceFlags.ObjectInherit,
PropagationFlags.None, AccessControlType.Allow)
'Add the access rule to the Directory Security Descriptor
DirectorySecurity.AddAccessRule(accessrule)
'Persist the Directory Security Descriptor to the directory
Directory.SetAccessControl(Settings.CommonAppDataPath,
DirectorySecurity)
End Sub
However, this isn't changing the 'Users' group access rights on the folder.
No exceptions are generated either.
Of course, the Users group is already inheriting Read & Execute, Read, List
folder Contents from the parent folder. I can manually add 'Modify' (which
also turns on 'Write') at this level and it's inherited by lower level
objects correctly. But my code isn't adding the modify right and that's my
main problem.
Second, I'm concerned about hard coding 'Users' as the account. I thought
that 'Users' was locale specific and I should use a well known sid.
My questions are: Am I doing something wrong with the code above? How to I
add the Modify right for the 'Users' group on a folder?
Second, do I need to worry about hard coding 'Users' rather than using a
well known SID? If so, how do I go about using the well known SID?
Thanks,
Jason Eskew
that stores data in [CommonAppData]/Company/Application. I need to give the
local/users group 'modify' rights to this folder and have the modify right
propagate to child files and folders.
By the way, 'local/Users' also inherits special permissions on this folder
which allow users to create files/objects and append data. So the first time
a file is saved to this folder by a LUA user it works just fine. However,
they can't edit the content of the files or overwrite them later.
I can set the permissions as part of an installation custom action that runs
with elevated priviledges but I'm having trouble setting the actual
permissions.
The code that I'm trying to use is:
Sub Set_Folder_Permissions()
'Retrieve the Directory Security descriptor for the directory
Dim DirectorySecurity As DirectorySecurity =
Directory.GetAccessControl(Settings.CommonAppDataPath,
AccessControlSections.Access)
'Create a new Access Rule
Dim accessrule As New FileSystemAccessRule("users",
FileSystemRights.Modify, InheritanceFlags.ObjectInherit,
PropagationFlags.None, AccessControlType.Allow)
'Add the access rule to the Directory Security Descriptor
DirectorySecurity.AddAccessRule(accessrule)
'Persist the Directory Security Descriptor to the directory
Directory.SetAccessControl(Settings.CommonAppDataPath,
DirectorySecurity)
End Sub
However, this isn't changing the 'Users' group access rights on the folder.
No exceptions are generated either.
Of course, the Users group is already inheriting Read & Execute, Read, List
folder Contents from the parent folder. I can manually add 'Modify' (which
also turns on 'Write') at this level and it's inherited by lower level
objects correctly. But my code isn't adding the modify right and that's my
main problem.
Second, I'm concerned about hard coding 'Users' as the account. I thought
that 'Users' was locale specific and I should use a well known sid.
My questions are: Am I doing something wrong with the code above? How to I
add the Modify right for the 'Users' group on a folder?
Second, do I need to worry about hard coding 'Users' rather than using a
well known SID? If so, how do I go about using the well known SID?
Thanks,
Jason Eskew