我有一段C#代码,用于创建一个文件夹并对其进行一些权限设置。以下是代码示例:
static void Main(string[] args){
Directory.CreateDirectory("C:\\vk07");
DirectorySecurity dirSec = Directory.GetAccessControl("C:\\vk07");
dirSec.AddAccessRule(new FileSystemAccessRule("INTRANET\\fGLBChorusUsers", FileSystemRights.ReadAndExecute, AccessControlType.Allow));
Directory.SetAccessControl("C:\\vk07", dirSec);
}
我创建的文件夹权限应该是读和修改,但是查看权限设置时,只显示“特殊权限”被选中。
请问有人能帮我解决这个问题吗?我对ACL不太熟悉,还不是很了解。
我曾经遇到过同样的问题。实际原因是,如果你看一下其他帖子中的网络服务图片,它只适用于文件。如果基本权限说“此文件夹、子文件夹和文件”,则只会显示在第一张图片上。要做到这一点,你需要设置两个标志——InheritanceFlags.ContainerInherit + InheritanceFlags.ObjectInherit。
Try
'If destination directory does not exist, create it first.
If Not Directory.Exists(path) Then Directory.CreateDirectory(path)
Dim dir As New DirectoryInfo(path)
Dim dirsec As DirectorySecurity = dir.GetAccessControl()
'Remove inherited permissions
dirsec.SetAccessRuleProtection(True, False)
'create rights, include subfolder and files to be inherited by this
Dim Modify As New FileSystemAccessRule(username, FileSystemRights.Modify, InheritanceFlags.ContainerInherit + InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow)
Dim Full As New FileSystemAccessRule(admingroup, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit + InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow)
dirsec.AddAccessRule(Modify)
dirsec.AddAccessRule(Full)
'Set
dir.SetAccessControl(dirsec)
Catch ex As Exception
MsgBox(ex.Message)
End Try
This code works for me:
security.AddAccessRule(
new FileSystemAccessRule(
"domain\\login",
FileSystemRights.Modify,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow
));
我也遇到了这个问题。执行以下代码后:
var security = Directory.GetAccessControl(folderPath);
security.AddAccessRule(
new FileSystemAccessRule(
new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null),
FileSystemRights.Modify,
InheritanceFlags.ObjectInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow
)
);
Directory.SetAccessControl(folderPath, security);
如果您选择文件夹路径(folderPath)的属性对话框,则会显示如下:
正如您所提到的,只有“特殊权限”被选中,但是如果您单击“高级”,则会看到:
请注意,在此对话框中,NETWORK SERVICE 具有修改权限。
似乎当您以编程方式设置权限时,Windows 不会在文件夹属性对话框中显示这些权限,但它们仍然存在于高级安全设置下。我还确认我的 Windows 服务(以 NETWORK SERVICE 运行)能够访问 folderPath 中的文件。
FileSystemRights.ReadAndExecute 不允许您进行修改,仅限于只读。若要进行全范围操作,您需要使用 FileSystemRights.Modify。您可以查看此链接来了解可用选项。
以下是上述内容的示例:
String dir = @"C:\vk07";
Directory.CreateDirectory(dir);
DirectoryInfo dirInfo = new DirectoryInfo(dir);
DirectorySecurity dirSec = dirInfo.GetAccessControl();
dirSec.AddAccessRule(new FileSystemAccessRule("INTRANET\\fGLBChorusUsers",FileSystemRights.Modify,AccessControlType.Allow));
dirInfo.SetAccessControl(dirSec);
String dir = @"C:\vk07"; Directory.CreateDirectory(dir); DirectoryInfo dirInfo = new DirectoryInfo(dir); DirectorySecurity dirSec = dirInfo.GetAccessControl(); dirSec.AddAccessRule(new FileSystemAccessRule("INTRANET\\fGLBChorusUsers",FileSystemRights.Modify,AccessControlType.Allow)); dirInfo.SetAccessControl(dirSec); - E-Z我在VB中使用相同的代码,设置FileSystemRights.FullControl,使其正常工作。
Dim fsRule As FileSystemAccessRule = New FileSystemAccessRule(sid, FileSystemRights.FullControl, (InheritanceFlags.ContainerInherit + InheritanceFlags.ObjectInherit), PropagationFlags.None, AccessControlType.Allow)