堆栈内存溢出
  简体   繁体   English

如何防止计算机用户更改“安全性”选项卡中的文件权限

[英]How to prevent computer users from changing file permissions in the security tab

 原文  2013-08-31 10:43:11       c#/ file/ security

问题描述

I am trying to prevent read/write access to a file (or folder) with C#. 我试图防止使用C#对文件(或文件夹)进行读/写访问。 The file is being locked as it is supposed to but the problem is that I can easily go to the security tab abd change the permissions. 该文件已被锁定,但问题是我可以轻松地转到安全选项卡并更改权限。 How can I prevent all computer users from changing these permissions ? 如何防止所有计算机用户更改这些权限?

The Code i am using is this (Based on an article from MSDN) : 我正在使用的代码是这样的(基于MSDN上的文章): 

        DirectorySecurity fs = System.IO.Directory.GetAccessControl(textBox1.Text);
        fs.SetAccessRule(
            new FileSystemAccessRule(
                        "Users", 
                        FileSystemRights.Modify | 
                        FileSystemRights.ReadPermissions | 
                        FileSystemRights.TakeOwnership | 
                        FileSystemRights.ChangePermissions, 
                        AccessControlType.Deny));
        System.IO.Directory.SetAccessControl(textBox1.Text, fs);

2 个解决方案

解决方案1
 1 已采纳  2013-09-01 09:48:58

What you're wanting to achieve can't be done; 您想要实现的目标无法完成; it might be helpful to explain why you want to do this as context. 解释为什么要以此为背景可能会有所帮助。 More detail on why it can't be done below... 为何无法执行以下操作的更多详细信息...

Your code will be run by a user. 您的代码将由用户运行。 Hence your code only has the permissions of the user running it. 因此,您的代码仅具有运行它的用户的权限。 Given that, your program can do anything that the user can do, permissions wise, so the question becomes about Windows permissions, not C# management of them. 鉴于此,您的程序可以执行用户可以执行的任何操作,这是权限的明智选择,因此问题就变成了Windows权限,而不是它们的C#管理。

It is not possible to use permissions in Windows to prevent Administrators from accessing a file, as Administrators can alter the permissions to whatever they like. Windows中无法使用权​​限来阻止管理员访问文件,因为管理员可以将权限更改为所需的权限。 So even if you run your app as an administrator, it can't do anything that can't be then undone. 因此,即使您以管理员身份运行应用程序,它也无法做任何无法撤消的事情。

If your code is running as a user, then I believe it is possible to lock yourself out of the folder by changing ownership to some other user as well as preventing read access. 如果您的代码以用户身份运行,那么我相信可以通过将所有权更改为其他用户以及阻止读取访问来将自己锁定在文件夹之外。 But of course an admin will still be able to reset the permissions. 但是,当然,管理员仍然可以重置权限。

解决方案2
 0  2013-08-31 10:51:42

I think what you are asking is how to programmatically work with the User management to restrict folder access: 我认为您要问的是如何以编程方式与用户管理一起限制文件夹访问:

http://www.codeproject.com/Articles/18219/Windows-OS-User-Management http://www.codeproject.com/Articles/18219/Windows-OS-User-Management

Then restrict access to Administrators or another group. 然后,限制对管理员或其他组的访问。

Also consider alternatives such as System Administrators doing this via Active Directory. 还可以考虑使用其他替代方法,例如系统管理员通过Active Directory执行此操作。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 C#从安全选项卡中删除用户 - c# removing users from security tab 如何防止用户手动更改文件? - How to prevent a user from changing a file manually? 如何防止用户更改ASP.NET MVC中的其他用户数据 - How to prevent users from changing other users data in ASP.NET MVC 如何从c#显示文件属性对话框安全性选项卡 - How to display file properties dialog security tab from c# 如何防止匿名用户使用表单身份验证访问文件? - How to prevent anonymous users from accessing a file using forms authentication? 如何设置文件权限,以防止其他人对文件进行独占锁定? - How can I set file permissions to prevent anyone else from taking exclusive lock on my file? 如何从ASP.NET MVC2站点上的用户计算机读取xml文件? - How can I read an xml file from the users computer on an ASP.NET MVC2 site? 防止其他进程和用户访问文件 - Prevent other processes and users from accessing a file 防止用户更改asp.net文本框中的某些文本 - Prevent users from changing certain text in asp.net textbox 如何强制将创建的文件下载到用户计算机C# - How to force a download of a created file to a users computer c#
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM