![](/img/trans.png)
[英]How can I verify in C# if a folder has “Security” to “Everyone - Full Control: Allow”?
[英]How to check if “Everyone” has full control permissions to a file in c#
我正在編寫一個實用程序來幫助更改某個文件的文件權限,以允許/禁止對Windows機器上的“Everyone”組訪問它。 到目前為止,我已經能夠使用以下代碼為文件設置和刪除“Everyone”的完全控制權限:
void AddFullControl()
{
FileSecurity fsFile = File.GetAccessControl("file.tmp");
fsFile.SetAccessRule( new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow));
File.SetAccessControl("file.tmp", fsFile);
}
void RemoveFullControl()
{
FileSecurity fsFile = File.GetAccessControl("file.tmp");
fsFile.SetAccessRule( new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Deny));
File.SetAccessControl("file.tmp", fsFile);
}
但是,我想檢查一下“Everyone”是否已經擁有完全控制權限,並且無法找到執行此操作的方法。 我在谷歌搜索后花了幾天時間搜索谷歌搜索,但卻找不到辦法。 有人可以指出我正確的方向或給我一個如何做到這一點的例子嗎?
更新:這個答案非常快,我能夠提出有效的c#代碼。 我創建的代碼如下:
void CheckAccess()
{
AuthorizationRuleCollection arcFile = File.GetAccessControl("file.tmp").GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
foreach (AuthorizationRule arFile in arcFile)
{
if (arFile.IdentityReference.Value == "Everyone")
{
FileSystemAccessRule fasrFile = (FileSystemAccessRule)arFile;
if (fasrFile.AccessControlType == AccessControlType.Allow && fasrFile.FileSystemRights.HasFlag(FileSystemRights.FullControl))
{
MessageBox.Show("file.tmp already has Full Control permissions granted to Everyone");
}
}
}
}
var everyone = fsFile.GetAccessRules(true, true, typeof(SecurityIdentifier))
.Cast<FileSystemAccessRule>()
.SingleOrDefault(x => x.IdentityReference.Value == "S-1-1-0");
bool fullControlAllowed = everyone != null
&& everyone.AccessControlType == AccessControlType.Allow
&& everyone.FileSystemRights.HasFlag(FileSystemRights.FullControl);
如果權限可能包含Everyone
Allow
和Deny
條目,則必須使用如下代碼。 它的語義略有不同,因為你沒有得到everyone
Deny
條目的詳細信息。
var everyone = fsFile.GetAccessRules(true, true, typeof(SecurityIdentifier))
.Cast<FileSystemAccessRule>()
.SingleOrDefault(x => x.IdentityReference.Value == "S-1-1-0"
&& x.AccessControlType == AccessControlType.Allow);
bool fullControlAllowed = everyone != null
&& everyone.FileSystemRights.HasFlag(FileSystemRights.FullControl)
您必須獲取該文件的授權規則,並檢查是否存在“Everyone”帳戶的規則。 然后,您可以檢查FileSystemRights
以查看規則是否具有FullControl
。
var account = @"Everyone";
var hasFullControl = rules.OfType<FileSystemAccessRule>()
.Where(rule => rule.IdentityReference.Value == account && rule.AccessControlType == AccessControlType.Allow)
.Select(rule => (bool?)rule.FileSystemRights.HasFlag(FileSystemRights.FullControl))
.SingleOrDefault();
一個限制為“Everyone”的文件,否則無法通過命令if(Directory.Exists(pathfile))
識別,因為該文件受訪問保護,編譯器將無法識別它在指定目錄中的存在,並且它將始終命中!Directory.Exists(pathfile)
命令。 如果你想每次都寫新數據,那么這可能有所幫助,
string pathfile = @"C:\\Users\\Public\\Documents\\Filepath.txt";
if (!Directory.Exists(pathfile))
{
File.SetAttributes(pathfile, FileAttributes.Normal);
File.Delete(pathfile);
using (FileStream fs = File.Create(pathfile))
{
Byte[] info = new UTF8Encoding(true).GetBytes("What Ever Your Text is");
fs.Write(info, 0, info.Length);
File.SetAttributes(pathfile, FileAttributes.ReadOnly);
FileSecurity fsec = File.GetAccessControl(pathfile);
fsec.AddAccessRule(new FileSystemAccessRule("Everyone",
FileSystemRights.ReadData, AccessControlType.Allow));
File.SetAccessControl(pathfile, fsec);
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.