C# - Windows ACL - Applying Inherited Permissions


Solution 1

For the folder:

// No inheritance flags: this rule applies to the folder itself only.
FileSystemAccessRule folderRule = new FileSystemAccessRule(LOGON_USER_NAME,
    FileSystemRights.FullControl, AccessControlType.Allow);

For subfolders and files:

// InheritOnly: this rule applies to subfolders and files, not to the folder itself.
FileSystemAccessRule childRule = new FileSystemAccessRule(LOGON_USER_NAME,
    FileSystemRights.FullControl, InheritanceFlags.ContainerInherit |
    InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly,
    AccessControlType.Allow);

Both lines need to be in your project. Then you get ACLs that apply to this folder, subfolders and files.

Solution 2

I'm hardly an expert here, but after having to figure this out for my own purposes, I believe that Dave's answer, although functional, is overly complicated. You should be able to achieve this with just one rule:

FileSystemAccessRule rule = new FileSystemAccessRule(LOGON_USER_NAME,
    FileSystemRights.FullControl,
    InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
    PropagationFlags.None, 
    AccessControlType.Allow);

The PropagationFlags.InheritOnly parameter used by the OP in their original code is what prevents the access rule from applying to the object itself.

Also, you might as well set the directory's security as you're creating it, since .NET provides an overload for just that purpose:

Directory.CreateDirectory(dir, security);
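
The difference between the two propagation settings discussed above can be checked by reading the DACL back after creation. This is an added example, not code from the original question or answers; it assumes .NET Framework on Windows (for the `Directory.CreateDirectory(dir, security)` overload), uses the current user and a scratch folder under the temp path, and the names `AclScopeDemo`, `AppliesToSelf`, `MakeRule` and `Report` are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

class AclScopeDemo
{
    // An ACE is effective on the object that carries it unless it is flagged InheritOnly.
    static bool AppliesToSelf(FileSystemAccessRule r)
    {
        return (r.PropagationFlags & PropagationFlags.InheritOnly) == 0;
    }

    static FileSystemAccessRule MakeRule(string user, PropagationFlags propagation)
    {
        return new FileSystemAccessRule(user, FileSystemRights.FullControl,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            propagation, AccessControlType.Allow);
    }

    static void Report(string label, string dir, string user, PropagationFlags propagation)
    {
        DirectorySecurity security = new DirectorySecurity();
        security.AddAccessRule(MakeRule(user, propagation));
        Directory.CreateDirectory(dir, security); // .NET Framework overload

        // Read the DACL back from disk rather than trusting the object built above.
        // Only explicit rules are listed; ACEs inherited from the parent are skipped.
        DirectorySecurity applied = Directory.GetAccessControl(dir);
        foreach (FileSystemAccessRule r in applied.GetAccessRules(true, false, typeof(NTAccount)))
        {
            Console.WriteLine("{0}: {1} {2} [{3}] applies to folder itself: {4}",
                label, r.IdentityReference.Value, r.FileSystemRights,
                r.PropagationFlags, AppliesToSelf(r));
        }
    }

    static void Main()
    {
        string user = WindowsIdentity.GetCurrent().Name; // assumption: grant to the current user
        string root = Path.Combine(Path.GetTempPath(),
            "AclScopeDemo_" + Guid.NewGuid().ToString("N")); // constructed scratch path
        Directory.CreateDirectory(root);
        Report("InheritOnly", Path.Combine(root, "InheritOnly"), user, PropagationFlags.InheritOnly);
        Report("None", Path.Combine(root, "None"), user, PropagationFlags.None);
        Directory.Delete(root, true); // clean up the scratch folders
    }
}
```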
Updated on June 15, 2022

Comments

  • Admin
    Admin almost 2 years

    I've been having problems programmatically assigning permissions to Folders / Registry entries. I have managed to assign inheriting permissions using the following code:

    FileSystemAccessRule rule = new FileSystemAccessRule(LOGON_USER_NAME,
        FileSystemRights.FullControl, InheritanceFlags.ContainerInherit |
        InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly,
        AccessControlType.Allow);
    
    DirectorySecurity security = new DirectorySecurity(); 
    security.SetAccessRule(rule);
    
    Directory.CreateDirectory(dir);
    Directory.SetAccessControl(dir, security);
    

    This correctly sets my file permissions on all the child folders I create as an administrator. However, it does not set the permissions on the dir folder itself. I've played around with a fair few permutations for inheritance and propagation, but not had any joy.

    For example, I have:

    dir = %programfiles%\Test
    

    If I have created a folder in test (%programfiles%\Test\SubFolder), I have full permissions assigned to it for my user, but I do not have full permissions on %programfiles%\Test. This is really annoying, as I would like to give my user full permissions to do whatever with the Test directory as well.

    I am having similar problems with registry permissions, but I believe that if I can solve one, I can solve both of the outstanding issues.

    Does anyone know how this can be resolved?

    Regards
    Tris