如何检查“Everyone”是否对c＃中的文件具有完全控制权限

Question

I am writing a utility to help with changing file permissions on a certain file to allow/disallow access to it for the "Everyone" group on a Windows machine. 我正在编写一个实用程序来帮助更改某个文件的文件权限，以允许/禁止对Windows机器上的“Everyone”组访问它。 So far I have been able to set and remove the Full Control permissions for "Everyone" to the file by using this code: 到目前为止，我已经能够使用以下代码为文件设置和删除“Everyone”的完全控制权限：

void AddFullControl()
{
    FileSecurity fsFile = File.GetAccessControl("file.tmp");
    fsFile.SetAccessRule( new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow));
    File.SetAccessControl("file.tmp", fsFile);
}

void RemoveFullControl()
{
    FileSecurity fsFile = File.GetAccessControl("file.tmp");
    fsFile.SetAccessRule( new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Deny));
    File.SetAccessControl("file.tmp", fsFile);
}

However, I want to check to see if "Everyone" already has the Full Control permission or not and have not been able to find a way to do this. 但是，我想检查一下“Everyone”是否已经拥有完全控制权限，并且无法找到执行此操作的方法。 I have spent several days scouring through Google search after Google search and have not been able to find a way to do this. 我在谷歌搜索后花了几天时间搜索谷歌搜索，但却找不到办法。 Can someone point me in the right direction or give me an example of how to do this please? 有人可以指出我正确的方向或给我一个如何做到这一点的例子吗？

Update: This was answered very quickly and I was able to come up with c# code that works. 更新：这个答案非常快，我能够提出有效的c＃代码。 The code I created is as follows: 我创建的代码如下：

void CheckAccess()
{
    AuthorizationRuleCollection arcFile = File.GetAccessControl("file.tmp").GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
    foreach (AuthorizationRule arFile in arcFile)
    {
        if (arFile.IdentityReference.Value == "Everyone")
        {
            FileSystemAccessRule fasrFile = (FileSystemAccessRule)arFile;
            if (fasrFile.AccessControlType == AccessControlType.Allow && fasrFile.FileSystemRights.HasFlag(FileSystemRights.FullControl))
            {
                MessageBox.Show("file.tmp already has Full Control permissions granted to Everyone");
            }
        }
    }
}

Answer 1

var everyone = fsFile.GetAccessRules(true, true, typeof(SecurityIdentifier))
    .Cast<FileSystemAccessRule>()
    .SingleOrDefault(x => x.IdentityReference.Value == "S-1-1-0");
bool fullControlAllowed = everyone != null
             && everyone.AccessControlType == AccessControlType.Allow
             && everyone.FileSystemRights.HasFlag(FileSystemRights.FullControl);

If permissions might include both Allow and Deny entries for Everyone , you will have to use code like the following. 如果权限可能包含Everyone Allow和Deny条目，则必须使用如下代码。 It has slightly different semantics, since you don't get the details on everyone Deny entries. 它的语义略有不同，因为你没有得到everyone Deny条目的详细信息。

var everyone = fsFile.GetAccessRules(true, true, typeof(SecurityIdentifier))
    .Cast<FileSystemAccessRule>()
    .SingleOrDefault(x => x.IdentityReference.Value == "S-1-1-0"
                       && x.AccessControlType == AccessControlType.Allow);
bool fullControlAllowed = everyone != null
             && everyone.FileSystemRights.HasFlag(FileSystemRights.FullControl)

Answer 2

You have to get the authorization rules for the file and check to see if there's a rule for the "Everyone" account. 您必须获取该文件的授权规则，并检查是否存在“Everyone”帐户的规则。 Then you can check the FileSystemRights for the rule to see if it has FullControl . 然后，您可以检查FileSystemRights以查看规则是否具有FullControl 。

var account = @"Everyone";
var hasFullControl = rules.OfType<FileSystemAccessRule>()
    .Where(rule => rule.IdentityReference.Value == account && rule.AccessControlType == AccessControlType.Allow)
    .Select(rule => (bool?)rule.FileSystemRights.HasFlag(FileSystemRights.FullControl))
    .SingleOrDefault();

Answer 3

A file which is restricted to 'Everyone' which otherwise cannot be recognized through the command if(Directory.Exists(pathfile)) because the file is access protected, the compiler wouldn't recognize its presence in the specified Directory and it will always hit the !Directory.Exists(pathfile) command. 一个限制为“Everyone”的文件，否则无法通过命令if(Directory.Exists(pathfile))识别，因为该文件受访问保护，编译器将无法识别它在指定目录中的存在，并且它将始终命中!Directory.Exists(pathfile)命令。 If you want to write new data every time, then this may help, 如果你想每次都写新数据，那么这可能有所帮助，

string pathfile = @"C:\\Users\\Public\\Documents\\Filepath.txt";
if (!Directory.Exists(pathfile))
{
    File.SetAttributes(pathfile, FileAttributes.Normal);
    File.Delete(pathfile);

    using (FileStream fs = File.Create(pathfile))
    {
        Byte[] info = new UTF8Encoding(true).GetBytes("What Ever Your Text is");

        fs.Write(info, 0, info.Length);
        File.SetAttributes(pathfile, FileAttributes.ReadOnly);
        FileSecurity fsec = File.GetAccessControl(pathfile);
        fsec.AddAccessRule(new FileSystemAccessRule("Everyone",
        FileSystemRights.ReadData, AccessControlType.Allow));
        File.SetAccessControl(pathfile, fsec);
    }
}

如何检查“Everyone”是否对c＃中的文件具有完全控制权限

问题描述

3 个解决方案

解决方案1
6 已采纳 2013-10-22 18:40:59

解决方案2
3 2013-10-22 18:43:01

解决方案3
0 2016-04-29 08:27:22

如何检查“Everyone”是否对c＃中的文件具有完全控制权限

问题描述

3 个解决方案

解决方案1 6 已采纳 2013-10-22 18:40:59

解决方案2 3 2013-10-22 18:43:01

解决方案3 0 2016-04-29 08:27:22

解决方案1
6 已采纳 2013-10-22 18:40:59

解决方案2
3 2013-10-22 18:43:01

解决方案3
0 2016-04-29 08:27:22