Modify Object Access properties via C#

Question

After viewing my Security Event logs on Server 2003 I have noticed that an event is logged with a failure audit. The category is Object Access, with the following Accesses being required:

READ_CONTROL
SYNCHRONIZE
ReadData (or ListDirectory)
WriteData (or AddFile)
AppendData (or AddSubDirectory or CreatePipeInstance)

I cannot seem to find any documentation on how to modify these properties proggramatically. These failures are generated by postgres and tomcat executables.

EDIT

protected FileSystemRights[] AppendFileSystemRights()  
        {  
            return new FileSystemRights[]   
              {  
                  FileSystemRights.ReadAndExecute,
                  FileSystemRights.WriteAttributes,
                  FileSystemRights.Synchronize,  
                  FileSystemRights.ReadAttributes,
                  FileSystemRights.ReadData  
              };  
          }

public void ApplySystemRight(string fileName, FileSystemRights[] rights)  
        {  
            if (string.IsNullOrEmpty(fileName))  
            {  
                return;  
            }  

            if (rights == null || rights.Length <= 0)
            {
                return;
            }

            try
            {
                Console.WriteLine("ATTEMPTING TO OPEN THE FOLLOWING FILE: {0}", fileName);
                fileSec = File.GetAccessControl(fileName);

                for (int i = 0; i < rights.Length; i++)
                {
                    Console.WriteLine("ATTEMPTING TO ADD THE FOLLOWING ACCESS RULE: {0} TO {1}", rights[i], fileName);
                    fileSec.AddAccessRule(new FileSystemAccessRule(user,
                        rights[i], AccessControlType.Allow));
                }

                Console.WriteLine("ATTEMPTING TO SET THE PRECEDING ACCESS RULES: TO {0}", fileName);
                File.SetAccessControl(fileName, fileSec);
            }
            catch (UnauthorizedAccessException uae)
            {
                Console.WriteLine("CAUGHT THE FOLLOWING EXCEPTION: {0}  \n WHILE PROCESSING: {1}", uae.Message, fileName);
            }
            catch (ArgumentNullException ane)
            {
                Console.WriteLine("CAUGHT THE FOLLOWING EXCEPTION: {0}  \n WHILE PROCESSING: {1}", ane.Message, fileName);
            }
            catch (ArgumentException ae)
            {
                Console.WriteLine("CAUGHT THE FOLLOWING EXCEPTION: {0}  \n WHILE PROCESSING: {1}", ae.Message, fileName);
            }

        }

Answer 1

I suggest that you run Process Monitor ( http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx ) while running the process that is causing the audit failure. This should tell you the specific resource that the process is trying to access. With this information you will be able to set the resource permissions to allow the requested access.

Answer 2

This will produce a runtime error in the app that tries to access the operating system resource. Windows error 5, ERROR_ACCESS_DENIED. If you don't get any diagnostic in the app's log file, an event in the Application event log or an explicit managed exception that tells you what went wrong then you'll be looking for a needle in a haystack.

Answer 3

You can use the FileSecurity class to modify access control properties programmatically. But of course you first have to find out for which file or directory these properties should be modified.