[英]C# File/Directory Permissions for local share
我需要一个可供所有本地用户编辑的文件。 该应用程序将所有用户的公共信息保存在其自己的 ProgramData 文件夹中。 我需要保证对所有用户进行读写,信息太少,不值得使用数据库。
我从以下Path.Combine(Application.CommonAppDataPath, "InfoConfig");
获取文件夹的路径: Path.Combine(Application.CommonAppDataPath, "InfoConfig");
所有用户都可以在此文件夹中读取、写入和创建。 其他用户创建的文件除外。
我已经尝试删除 Creator Owner 没有成功。 所以我最后一次尝试不是从容器文件夹继承并从头开始为系统、管理员和用户创建权限。 但它也不起作用,这是我的代码。
string sharedFolder = Path.Combine(Application.CommonAppDataPath, "InfoConfig");
if (!Directory.Exists(sharedFolder))
{
DirectoryInfo directoryInfo = Directory.CreateDirectory(sharedFolder);
DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
directorySecurity.SetAccessRuleProtection(true, false);
FileSystemRights fileSystemRights =
FileSystemRights.FullControl |
FileSystemRights.Modify |
FileSystemRights.Read |
FileSystemRights.Delete;
SecurityIdentifier usersSid =
new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
SecurityIdentifier systemSid =
new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
SecurityIdentifier adminsSid =
new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
FileSystemAccessRule rule =
new FileSystemAccessRule(systemSid, fileSystemRights, AccessControlType.Allow);
directorySecurity.AddAccessRule(rule);
rule = new FileSystemAccessRule(adminsSid, fileSystemRights, AccessControlType.Allow);
directorySecurity.AddAccessRule(rule);
rule = new FileSystemAccessRule(usersSid, FileSystemRights.Read
| FileSystemRights.Write
| FileSystemRights.Modify,
AccessControlType.Allow);
directorySecurity.AddAccessRule(rule);
directoryInfo.SetAccessControl(directorySecurity);
}
它仍然不起作用。 我究竟做错了什么?
我只考虑了usersSid
的以下代码段,您也可以为其他userTypes调整它
添加了ObjectSecurity.ModifyAccessRule(AccessControlModification, AccessRule, Boolean)
,它将指定的修改应用于与此 ObjectSecurity 对象(在我们的实例中为directorySecurity
)关联的自由访问控制列表 (DACL) 。
string sharedFolder = Path.Combine(Application.CommonAppDataPath, "InfoConfig");
if (!Directory.Exists(sharedFolder))
{
DirectoryInfo directoryInfo = Directory.CreateDirectory(sharedFolder);
DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
directorySecurity.SetAccessRuleProtection(true, false);
FileSystemRights fileSystemRights =
FileSystemRights.FullControl |
FileSystemRights.Modify |
FileSystemRights.Read |
FileSystemRights.Delete;
SecurityIdentifier usersSid =
new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
FileSystemAccessRule rule = new FileSystemAccessRule(usersSid, fileSystemRights,InheritanceFlags.None, PropagationFlags.NoPropagateInherit, AccessControlType.Allow);
directorySecurity.AddAccessRule(rule);
bool result;
directorySecurity.ModifyAccessRule(AccessControlModification.Set, rule, out result);
if (!result)
{
throw new InvalidOperationException("Failed to give full-control permission to all users for path " + path);
}
FileSystemAccessRule inheritedRule = new FileSystemAccessRule(
usersSid,
fileSystemRights,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
bool inheritedResult;
directorySecurity.ModifyAccessRule(AccessControlModification.Add, inheritedRule, out inheritedResult);
if (!inheritedResult)
{
throw new InvalidOperationException("Failed to give full-control permission inheritance to all users for " + path);
}
directoryInfo.SetAccessControl(directorySecurity);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.