在Server 2003上查看我的安全事件日志后,我注意到记录了一个带有失败审核的事件。类别是对象访问,需要以下访问:
READ_CONTROL
SYNCHRONIZE
ReadData(或ListDirectory)
WriteData(或AddFile)
AppendData(或AddSubDirectory或CreatePipeInstance)
我似乎找不到任何关于如何以程序方式修改这些属性的文档。这些失败是由postgres和tomcat可执行文件生成的。
编辑
protected FileSystemRights[] AppendFileSystemRights()
{
return new FileSystemRights[]
{
FileSystemRights.ReadAndExecute,
FileSystemRights.WriteAttributes,
FileSystemRights.Synchronize,
FileSystemRights.ReadAttributes,
FileSystemRights.ReadData
};
}
public void ApplySystemRight(string fileName, FileSystemRights[] rights)
{
if (string.IsNullOrEmpty(fileName))
{
return;
}
if (rights == null || rights.Length <= 0)
{
return;
}
try
{
Console.WriteLine("ATTEMPTING TO OPEN THE FOLLOWING FILE: {0}", fileName);
fileSec = File.GetAccessControl(fileName);
for (int i = 0; i < rights.Length; i++)
{
Console.WriteLine("ATTEMPTING TO ADD THE FOLLOWING ACCESS RULE: {0} TO {1}", rights[i], fileName);
fileSec.AddAccessRule(new FileSystemAccessRule(user,
rights[i], AccessControlType.Allow));
}
Console.WriteLine("ATTEMPTING TO SET THE PRECEDING ACCESS RULES: TO {0}", fileName);
File.SetAccessControl(fileName, fileSec);
}
catch (UnauthorizedAccessException uae)
{
Console.WriteLine("CAUGHT THE FOLLOWING EXCEPTION: {0} \n WHILE PROCESSING: {1}", uae.Message, fileName);
}
catch (ArgumentNullException ane)
{
Console.WriteLine("CAUGHT THE FOLLOWING EXCEPTION: {0} \n WHILE PROCESSING: {1}", ane.Message, fileName);
}
catch (ArgumentException ae)
{
Console.WriteLine("CAUGHT THE FOLLOWING EXCEPTION: {0} \n WHILE PROCESSING: {1}", ae.Message, fileName);
}
}
答案 0 :(得分:2)
答案 1 :(得分:1)
这将在尝试访问操作系统资源的应用程序中产生运行时错误。 Windows错误5,ERROR_ACCESS_DENIED。如果您没有在应用程序的日志文件中获得任何诊断,应用程序事件日志中的事件或显式托管异常会告诉您出了什么问题,那么您将在大海捞针中寻找针。
答案 2 :(得分:1)
您可以使用FileSecurity
类以编程方式修改访问控制属性。但是,当然首先必须找出应该修改这些属性的文件或目录。