
Set permissions for directory and also child folders

My C# code creates a user, creates a shared folder and sets the user permission on this folder.

For now, if I have folders like:

A
|_B
|_C
|_D

Then if I create a share for folder A, it shares only A without sharing B, C, D.


My question: how do I enable inheritance? I mean, to make B, C, D be shared as well.

I have found this piece of code, but it does nothing.

Here is my full code:

    using System;
    using System.DirectoryServices.AccountManagement;
    using System.IO;
    using System.Management;
    using System.Security.AccessControl;
    using System.Security.Principal;

    string uName = "myusername";
    string pass = "Rr1234567#";
    string path = @"C:\Users\danielf\Desktop\A";
    string shareName = "MyShare";
    string description = "some description";

    // Create the local user account
    PrincipalContext ctx = new PrincipalContext(ContextType.Machine);
    UserPrincipal user = new UserPrincipal(ctx, uName, pass, true);
    user.PasswordNeverExpires = true;
    user.Save();

    // Add an NTFS ACE for the new user on the folder
    DirectoryInfo dInfo = new DirectoryInfo(path);
    WindowsIdentity id = WindowsIdentity.GetCurrent();
    DirectorySecurity dSecurity = dInfo.GetAccessControl();
    dSecurity.AddAccessRule(new FileSystemAccessRule(uName, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
    dInfo.SetAccessControl(dSecurity);

    // Gets User SID for share permissions **NotSecurity**
    NTAccount account = new NTAccount(System.Environment.MachineName, uName);
    SecurityIdentifier sid = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
    byte[] sidArray = new byte[sid.BinaryLength];
    sid.GetBinaryForm(sidArray, 0);

    ManagementObject Trustee = new ManagementClass("root\\CIMV2", "Win32_Trustee", null);
    Trustee["Domain"] = ".";
    Trustee["Name"] = uName;
    Trustee["SID"] = sidArray;

    ManagementBaseObject AdminACE = new ManagementClass(new ManagementPath("Win32_Ace"), null);

    // Add the input parameters.
    AdminACE["AccessMask"] = 2032127;
    AdminACE["AceFlags"] = 3;
    AdminACE["AceType"] = 0;
    AdminACE["Trustee"] = Trustee;

    // Security descriptor for the share creation parameter
    ManagementObject secDescriptor = new ManagementClass(new ManagementPath("Win32_SecurityDescriptor"), null);
    secDescriptor["ControlFlags"] = 4;
    secDescriptor["DACL"] = new object[] { AdminACE };

    ManagementClass classInstance = new ManagementClass("root\\CIMV2", "Win32_Share", null);

    // Obtain in-parameters for the method
    ManagementBaseObject inParams = classInstance.GetMethodParameters("Create");

    // Add the input parameters.
    inParams["Name"] = shareName;
    inParams["Path"] = path;
    inParams["Type"] = 0;
    inParams["Description"] = description;
    inParams["Access"] = secDescriptor;
    inParams["MaximumAllowed"] = null;

    // Execute the method and obtain the return values.
    ManagementBaseObject outParams = classInstance.InvokeMethod("Create", inParams, null);

Shares are of the whole directory tree, if the parent is shared so are all the descendant folders.

But share and folder ACLs still apply.

If you cannot see the children of A via the share then check both the share and the folder permissions. In particular the identity used to access the share needs read access to both the share and to A to see the content of A.

Richard's comment to the question is correct and the most important information. Usually you don't need separate shares to the subfolders (only in very special circumstances).

In addition, his answer is also OK for the "check both share and folder permission".

There is a problem in the code. The NTFS-ACL of the share's entry point is probably set incorrectly or at least non-standard and probably not what RTException wanted.

Using InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly (as in the original code) leads to:

  • NO access for the user to the entry folder (since the ACL is inherit only)
  • only subdirectories inherit this ACE, not files

If the usual "User" / "Authenticated User" permission is removed, the new user gets an access denied error since he cannot access even the entry directory.

Using

InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None

leads to the "default" permission.

And this is exactly the same as mentioned in the link in the question.

Windows ACLs / inheritance is a very complex topic and also very error-prone. There are some subtleties which can lead to unexpected results.
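The difference between the two flag combinations discussed in the answer above can be checked directly. The following is an added example, not code from the question or the answers. It applies each combination to a throwaway folder under the temp directory and reports which objects end up with an ACE that is effective on the object itself. Assumptions: Windows only, and the LocalService SID stands in for the new user so no account has to be created.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.AccessControl;
using System.Security.Principal;

static class AceInheritanceDemo
{
    // Stand-in trustee (assumption): LocalService, easy to tell apart from ACEs the temp dir inherits.
    static readonly SecurityIdentifier Sid = new SecurityIdentifier(WellKnownSidType.LocalServiceSid, null);

    // True when the object has an Allow ACE for Sid that applies to the object itself (not inherit-only).
    static bool Effective(FileSystemSecurity sec) =>
        sec.GetAccessRules(true, true, typeof(SecurityIdentifier))
           .Cast<FileSystemAccessRule>()
           .Any(r => Sid.Equals(r.IdentityReference)
                  && r.AccessControlType == AccessControlType.Allow
                  && (r.PropagationFlags & PropagationFlags.InheritOnly) == 0);

    static void Probe(string label, InheritanceFlags inherit, PropagationFlags propagate)
    {
        // Constructed throwaway tree: <temp>\<guid>\B\file.txt
        var root = Directory.CreateDirectory(Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString("N")));
        try
        {
            DirectorySecurity acl = root.GetAccessControl();
            acl.AddAccessRule(new FileSystemAccessRule(
                Sid, FileSystemRights.ReadAndExecute, inherit, propagate, AccessControlType.Allow));
            root.SetAccessControl(acl);
            // Children are created after the ACE is set, so they inherit at creation time.
            DirectoryInfo sub = root.CreateSubdirectory("B");
            var file = new FileInfo(Path.Combine(sub.FullName, "file.txt"));
            File.WriteAllText(file.FullName, "x");
            Console.WriteLine("{0}: entry folder={1}, subfolder={2}, file={3}", label,
                Effective(root.GetAccessControl()),
                Effective(sub.GetAccessControl()),
                Effective(file.GetAccessControl()));
        }
        finally { root.Delete(true); }
    }

    static void Main()
    {
        Probe("ContainerInherit + InheritOnly", InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly);
        Probe("ContainerInherit|ObjectInherit + None",
              InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None);
    }
}
```

The same `Effective` check can be pointed at a real share's entry folder to confirm that the account's ACE is not inherit-only before the broader "Users" / "Authenticated Users" entries are removed.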
