我编写了一段代码来检查具有以下权限设置的文件夹:
请注意,用户没有读取和执行,读取等。他们只有“列出文件夹内容”。这就是我们需要它的方式。
但是,当我在这些文件夹中扫描这个特定用户时,我找不到这种情况。它始终显示它们具有读取访问权限(能够读取文件夹中的文件),即使它们显然没有。
我做错了什么?下面我将对上图所示人员的调试设置发表评论。
internal bool IsListOnlyUser(string userID, string pth, bool IncludeInherited)
{
DirectoryInfo di = new DirectoryInfo(pth);
DirectorySecurity ds = di.GetAccessControl(AccessControlSections.Access);
AuthorizationRuleCollection acl = ds.GetAccessRules(true,
IncludeInherited, typeof(NTAccount));
foreach (FileSystemAccessRule ace in acl)
{
if (ace.IdentityReference.Value.ToString().ToLower()
== userID.ToLower())
{
FileSystemRights R2 = ace.FileSystemRights;
// *** The rights for the user with LIST only are:
//FileSystemRights.ReadData (same value as ListDirectory)
//FileSystemRights.ReadExtendedAttributes
//FileSystemRights.ExecuteFile (same value as Traverse)
//FileSystemRights.ReadAttributes
//FileSystemRights.ReadPermissions
//FileSystemRights.Synchronize
bool L = CheckRights(ace, FileSystemRights.ListDirectory);
bool R = CheckRights(ace, FileSystemRights.Read);
// Yet, this resolves to TRUE! But I tested. This guy does NOT
// have access to the files themselves. Only to the fact that
// the file exists.
bool W = CheckRights(ace, FileSystemRights.Modify);
// This still resolves to FALSE
if (L && !R && !W)
{
return true;
}
}
}
return false;
}
private bool CheckRights(FileSystemAccessRule ACE, FileSystemRights fileSystemRights)
{
bool r = ((ACE.FileSystemRights & fileSystemRights) == fileSystemRights) &&
(ACE.AccessControlType == AccessControlType.Allow);
return r;
}
更新
作为旁注,在我的测试中,“IncludeInherited”总是假的,但无论我转向继承标志的哪种方式,这个问题都适用。