ACL:如何检查或取消选中选项

时间:2012-11-28 09:27:23

标签: c# .net permissions acl file-permissions

我在ACL中为我的文件夹添加了组,但我无法检查/取消选择它。

String account = @"HYPROSTROY\Все сотрудники";
FileSystemRights rights = FileSystemRights.FullControl;
// I have tried and it too:
// FileSystemRights rights = FileSystemRights.Read | FileSystemRights.Write | FileSystemRights.Modify;
AccessControlType controlType = AccessControlType.Allow;
DirectorySecurity security = local_commonDir.Parent.GetAccessControl(AccessControlSections.Access);
FileSystemAccessRule rule = new FileSystemAccessRule(account, rights, controlType);

security.AddAccessRule(rule);
// local_commonDir - экземпляр DirectoryInfo
local_commonDir.Parent.SetAccessControl(security); 

已添加群组,但未选中所有选项:

enter image description here

UPD === 我尝试过其他方法:

// String account = Path.Combine(Environment.MachineName, "Пользователи");
String account = @"HYPROSTROY\Все сотрудники";
FileSystemRights rights = FileSystemRights.FullControl;                 
AccessControlType controlType = AccessControlType.Allow;                    
DirectorySecurity security = local_commonDir.Parent.GetAccessControl(AccessControlSections.All);
FileSystemAccessRule rule = new FileSystemAccessRule(account, rights, controlType);
//security.AddAccessRule(rule);
Boolean result;
security.ModifyAccessRule(AccessControlModification.Add, rule, out result);
local_commonDir.Parent.SetAccessControl(security);

但选项未经检查:(

我的错误在哪里?

2 个答案:

答案 0 :(得分:0)

这对我有用:

dir = "C:\test";
DirectorySecurity security = Directory.GetAccessControl(dir);
FileSystemAccessRule rule = new FileSystemAccessRule("Account", FileSystemRights.FullControl, AccessControlType.Allow);
security.AddAccessRule(rule);

Directory.SetAccessControl(dir,security); 

答案 1 :(得分:0)

我找到了解决方案:

WindowsIdentity id = WindowsIdentity.GetCurrent();
var sid = new SecurityIdentifier(WellKnownSidType.AccountDomainUsersSid, id.User.AccountDomainSid);
var security = dir.GetAccessControl();
var rule = new FileSystemAccessRule(sid,
    FileSystemRights.FullControl,
    InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
    PropagationFlags.None,
    AccessControlType.Allow);
security.AddAccessRule(rule);
dir.SetAccessControl(security);