具有Everyone = READ的Windows文件使访问被拒绝
[英]Windows file with Everyone=READ gives Access is denied
问题描述
I have a Java based application which creates a number of files on Windows under C:\\ProgramData... These files need to be readable by all users, guests, and automated scripts/programs not run by a user. 
我有一个基于Java的应用程序,该应用程序在Windows上的C:\\ ProgramData下创建了许多文件...所有用户,访客和非用户运行的自动脚本/程序都必须可读这些文件。 One example file is "ca-trust.crt" which is created when the app runs as a Service (no service user is configured so its running as Local Machine context). 一个示例文件是“ ca-trust.crt”,该文件在应用程序作为服务运行时创建(未配置服务用户,因此其作为本地计算机上下文运行)。
My app explicitly adds an ACL for group Everyone to have READ, READ+EXECUTE. 我的应用程序为组Everyone显式添加了一个ACL,使其具有READ,READ + EXECUTE。 However, my app gets "Access is denied" when trying to open the file to READ. 但是,尝试打开要读取的文件时,我的应用程序获得“访问被拒绝”。 The same thing happens if I run Powershell as a regular user and run "type C:\\ProgramData...". 如果以普通用户身份运行Powershell并运行“ type C:\\ ProgramData ...”,则会发生相同的情况。
See image below for permissions and "type ..." command output. 请参阅下面的图像以获取权限和“ type ...”命令输出。
If I open PS prompt as Administrator and run "type C:\\ProgramData..." for the same file it works fine. 如果我以管理员身份打开PS提示符并为同一文件运行“ type C:\\ ProgramData ...”,则可以正常工作。
Opening the file with Notepad also fails: 使用记事本打开文件也失败:
The test system is Windows 10 Enterprise non-AD joined. 测试系统是Windows 10企业版非AD加入的。
1 个解决方案
解决方案1
0 已采纳 2018-07-27 22:10:47
Adding SYNCHRONIZE to the ACL in addition to all the READ_* flags fixed the issue. 除了所有READ_ *标志之外,将SYNCHRONIZE添加到ACL中也解决了该问题。 Thank you eryksun! 谢谢eryksun!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.