Mark A. Richman
I'm using the new System.Security.AccessControl stuff in 2.0.
This is a snippet typical of what I've done (this example sets Read access for Network Service on 'myFolder' and all subfolders and files):
SecurityIdentifier siNetworkService = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null);
NTAccount ntaNetworkService = siNetworkService.Translate(typeof(NTAccount)) as NTAccount;
DirectoryInfo diMyFolder = new DirectoryInfo(myFolder);
DirectorySecurity dsMyFolder = diMyFolder.GetAccessControl();
FileSystemAccessRule fsarNetworkService = new FileSystemAccessRule(ntaNetworkService, FileSystemRights.Read, AccessControlType.Allow);
FileSystemAccessRule fsarNetworkService2 = new FileSystemAccessRule(ntaNetworkService, FileSystemRights.Read, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow);
// I can't figure out why I need two ACEs for this, but I can't get the
// behavior for this folder, child folder and files, and propagate all
// to work in one line of code. The InheritanceFlags and PropagationFlags
// don't like to be mixed with the line above. Try it without the 2nd line
// and you'll see what I mean. Bug in .NET Fx?
dsMyFolder.AddAccessRule(fsarNetworkService);
dsMyFolder.AddAccessRule(fsarNetworkService2);
diMyFolder.SetAccessControl(dsMyFolder);
Any idea why that 2nd ACE is required? Is there a way to set this ACL with fewer lines of code? I have about a dozen rules like this, and it adds up to about 100 lines of code.
- Mark
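
On the flags in the post above, as an added example that is not the poster's code: the three-argument constructor creates an ACE for the folder itself only, and `PropagationFlags.InheritOnly` creates one for children only, so a single ACE with `ContainerInherit | ObjectInherit` and `PropagationFlags.None` covers this folder, subfolders and files. The `FolderAcl` class, its `Allow` helper and the temporary folder name are assumptions made for the demonstration (Windows only).

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class FolderAcl
{
    // CI | OI: inherited by subfolders (containers) and files (objects).
    const InheritanceFlags Children =
        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;

    // Hypothetical helper: one allow ACE per call. PropagationFlags.None means
    // the ACE also applies to the folder it is set on, so no second ACE is needed.
    static void Allow(DirectorySecurity ds, WellKnownSidType who, FileSystemRights rights)
    {
        // FileSystemAccessRule accepts any IdentityReference, so the SID can be
        // passed directly without translating it to an NTAccount first.
        SecurityIdentifier sid = new SecurityIdentifier(who, null);
        ds.AddAccessRule(new FileSystemAccessRule(
            sid, rights, Children, PropagationFlags.None, AccessControlType.Allow));
    }

    static void Dump(string label, FileSystemSecurity fs)
    {
        // Explicit and inherited ACEs, with the flags that show the difference.
        foreach (FileSystemAccessRule r in fs.GetAccessRules(true, true, typeof(NTAccount)))
            Console.WriteLine("{0}: {1} {2} inherit={3} propagate={4} inherited={5}",
                label, r.IdentityReference, r.FileSystemRights,
                r.InheritanceFlags, r.PropagationFlags, r.IsInherited);
    }

    static void Main()
    {
        // Constructed sample folder under the temp path, removed at the end.
        string myFolder = Path.Combine(Path.GetTempPath(), "acl-demo-" + Guid.NewGuid().ToString("N"));
        DirectoryInfo di = Directory.CreateDirectory(myFolder);

        DirectorySecurity ds = di.GetAccessControl();
        Allow(ds, WellKnownSidType.NetworkServiceSid, FileSystemRights.Read);
        Allow(ds, WellKnownSidType.LocalServiceSid, FileSystemRights.Read); // one line per extra rule
        di.SetAccessControl(ds);

        // A file created afterwards picks the ACEs up through inheritance.
        string child = Path.Combine(myFolder, "child.txt");
        File.WriteAllText(child, "demo");
        Dump("folder", di.GetAccessControl());
        Dump("file", new FileInfo(child).GetAccessControl());
        Directory.Delete(myFolder, true);
    }
}
```

When auditing the result, check the `inherited` column on the child: the ACEs there should be inherited rather than explicit, and the folder should carry one explicit ACE per principal.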