这应该是一个相当简单的问题,但由于某种原因,我似乎无法让这个工作。我想要做的就是在给定目录上设置权限,以允许对所有用户的完全访问权限。这是我到目前为止的代码:
System.IO.DirectoryInfo di = new System.IO.DirectoryInfo(destinationDirectory);
FileSystemAccessRule fsar = new FileSystemAccessRule("Users", FileSystemRights.FullControl, AccessControlType.Allow);
DirectorySecurity ds = null;
if (!di.Exists)
{
System.IO.Directory.CreateDirectory(destinationDirectory);
}
ds = di.GetAccessControl();
ds.AddAccessRule(fsar);
没有异常被抛出,但也没有任何反应。在代码运行后检查目录权限时,我看不到任何更改。
有什么想法吗?
答案 0 :(得分:28)
您还需要致电SetAccessControl以应用更改。
ds = di.GetAccessControl();
ds.AddAccessRule(fsar);
di.SetAccessControl(ds); // nothing happens until you do this
正如here所讨论的那样,MSDN上的示例似乎非常缺乏细节。我破解了本文中的代码,以获得表现良好的以下内容:
static bool SetAcl()
{
FileSystemRights Rights = (FileSystemRights)0;
Rights = FileSystemRights.FullControl;
// *** Add Access Rule to the actual directory itself
FileSystemAccessRule AccessRule = new FileSystemAccessRule("Users", Rights,
InheritanceFlags.None,
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
DirectoryInfo Info = new DirectoryInfo(destinationDirectory);
DirectorySecurity Security = Info.GetAccessControl(AccessControlSections.Access);
bool Result = false;
Security.ModifyAccessRule(AccessControlModification.Set, AccessRule, out Result);
if (!Result)
return false;
// *** Always allow objects to inherit on a directory
InheritanceFlags iFlags = InheritanceFlags.ObjectInherit;
iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
// *** Add Access rule for the inheritance
AccessRule = new FileSystemAccessRule("Users", Rights,
iFlags,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
Result = false;
Security.ModifyAccessRule(AccessControlModification.Add, AccessRule, out Result);
if (!Result)
return false;
Info.SetAccessControl(Security);
return true;
}
答案 1 :(得分:10)
David Heffernan的答案不适用于非英语机器,其中尝试设置“用户”的权限失败并出现IdentityNotMapped异常。以下代码可以在任何地方使用WellKnownSidType.BuiltinUsersSid代替:
static void SetFullControlPermissionsToEveryone(string path)
{
const FileSystemRights rights = FileSystemRights.FullControl;
var allUsers = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
// Add Access Rule to the actual directory itself
var accessRule = new FileSystemAccessRule(
allUsers,
rights,
InheritanceFlags.None,
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
var info = new DirectoryInfo(path);
var security = info.GetAccessControl(AccessControlSections.Access);
bool result;
security.ModifyAccessRule(AccessControlModification.Set, accessRule, out result);
if (!result)
{
throw new InvalidOperationException("Failed to give full-control permission to all users for path " + path);
}
// add inheritance
var inheritedAccessRule = new FileSystemAccessRule(
allUsers,
rights,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
bool inheritedResult;
security.ModifyAccessRule(AccessControlModification.Add, inheritedAccessRule, out inheritedResult);
if (!inheritedResult)
{
throw new InvalidOperationException("Failed to give full-control permission inheritance to all users for " + path);
}
info.SetAccessControl(security);
}