/// <summary>
/// Get the ownership of a folder or file.
/// </summary>
/// <param name="fullPath">Full path to the folder or file for which to
/// query the ownership.</param>
/// <returns>Owner's username.</returns>
public static string GetOwner(string fullPath)
{
// Is the function being run by an administrator?
if (!LocalUserManager.IsAdministrator())
{
// Inform
const string msg = "This method must be run by an administrator.";
sLogger.Error(msg);
throw new InvalidOperationException(msg);
}
// Owner's user name
string username = "";
// Depending on whether we have a file or a folder, we call different methods
if (Directory.Exists(fullPath))
{
var ds = File.GetAccessControl(fullPath);
username = ds.GetOwner(typeof(System.Security.Principal.NTAccount)).ToString();
}
else if (File.Exists(fullPath))
{
var fs = File.GetAccessControl(fullPath);
username = fs.GetOwner(typeof(System.Security.Principal.NTAccount)).ToString();
}
//Return the username
return(username);
}
/// <summary>
/// Return a list of all users who have any permissions on the folder.
/// </summary>
/// <param name="fullPath">Full path to the folder to query form users
/// with permissions.</param>
/// <returns>List of user names.</returns>
public static List <string> GetUsersWithPermissions(string fullPath)
{
// Is the function being run by an administrator?
if (!LocalUserManager.IsAdministrator())
{
// Inform
const string msg = "This method must be run by an administrator.";
sLogger.Error(msg);
throw new InvalidOperationException(msg);
}
// Initialize list of user names
var userNames = new List <string>();
// Get directory security
DirectoryInfo dirinfo = new DirectoryInfo(fullPath);
DirectorySecurity dsec = dirinfo.GetAccessControl(AccessControlSections.All);
// Extract user names
AuthorizationRuleCollection rules = dsec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
foreach (AccessRule rule in rules)
{
userNames.Add(rule.IdentityReference.Value);
}
// Return the list of user names
return(userNames);
}
/// <summary>
/// Remove all user permissions from folder.
/// </summary>
/// If the user with name `username` exists, it will be preserved.
/// <param name="fullPath">Full path to the folder on which to remove
/// all user permissions.</param>
/// <param name="username">Name of the user that will keep the
/// permissions.</param>
public static void RemovePermissionsForAllUsersButOne(string fullPath, string username)
{
// Is the function being run by an administrator?
if (!LocalUserManager.IsAdministrator())
{
// Inform
const string msg = "This method must be run by an administrator.";
sLogger.Error(msg);
throw new InvalidOperationException(msg);
}
DirectoryInfo dirinfo = new DirectoryInfo(fullPath);
DirectorySecurity dsec = dirinfo.GetAccessControl(AccessControlSections.All);
AuthorizationRuleCollection rules =
dsec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
foreach (AccessRule rule in rules)
{
if (rule.IdentityReference.Value != username)
{
dsec.PurgeAccessRules(rule.IdentityReference);
dsec.ModifyAccessRule(AccessControlModification.RemoveAll, rule, out bool value);
// Inform
sLogger.Info("Removed permission from '" + fullPath + "' for '" + username + "'.");
}
}
}
///<summary>
///Remove inherited permission from the specified folder.
///</summary>
///<param name="fullPath">Full path to the folder to which inherited
/// permissions should be removed.</param>
public static void RemoveInheritedPermissionsForFolder(string fullPath)
{
// Is the function being run by an administrator?
if (!LocalUserManager.IsAdministrator())
{
// Inform
const string msg = "This method must be run by an administrator.";
sLogger.Error(msg);
throw new InvalidOperationException(msg);
}
DirectorySecurity directorySecurity = Directory.GetAccessControl(fullPath);
directorySecurity.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);
Directory.SetAccessControl(fullPath, directorySecurity);
}
/// <summary>
/// Grant full access to Everyone on the specified folder.
/// </summary>
/// <param name="fullPath">Full path to the folder to which the permissions should be set.</param>
public static void GrantFullAccessToEveryone(string fullPath)
{
// Is the function being run by an administrator?
if (!LocalUserManager.IsAdministrator())
{
// Inform
const string msg = "This method must be run by an administrator.";
sLogger.Error(msg);
throw new InvalidOperationException(msg);
}
// Get a DirectoryInfo object
DirectoryInfo dInfo = new DirectoryInfo(fullPath);
// Make sure we are working on a directory
if (!dInfo.Attributes.HasFlag(FileAttributes.Directory))
{
// Inform
const string msg = "Directory expected!";
sLogger.Error(msg);
throw new Exception(msg);
}
// Set the permissions to Full Control for Everyone
DirectorySecurity dSecurity = dInfo.GetAccessControl();
dSecurity.AddAccessRule(new FileSystemAccessRule(
new System.Security.Principal.SecurityIdentifier(
System.Security.Principal.WellKnownSidType.WorldSid, null),
FileSystemRights.FullControl,
InheritanceFlags.ObjectInherit |
InheritanceFlags.ContainerInherit,
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow));
dInfo.SetAccessControl(dSecurity);
// Now recurse into subdirectories
string[] subdirectories = Directory.GetDirectories(fullPath);
foreach (string subdirectory in subdirectories)
{
GrantFullAccessToEveryone(Path.Combine(fullPath, subdirectory));
}
}
/// <summary>
/// Set the ownership on an item to the specified user.
/// </summary>
/// <param name="item">A FileInfo object on which to set the ownership.
/// </param>
/// <param name="username">Name of the user that will take ownership. It
/// must exist.</param>
private static void SetOwnershipOnDirectory(DirectoryInfo item, string username)
{
// Is the function being run by an administrator?
if (!LocalUserManager.IsAdministrator())
{
// Inform
const string msg = "This method must be run by an administrator.";
sLogger.Error(msg);
throw new InvalidOperationException(msg);
}
// Allow this process to circumvent ACL restrictions
NativeMethods.ModifyPrivilege(PrivilegeName.SeRestorePrivilege, true);
// Sometimes this is required and other times it works without it. Not sure when.
NativeMethods.ModifyPrivilege(PrivilegeName.SeTakeOwnershipPrivilege, true);
// Set owner to SYSTEM
var fs = File.GetAccessControl(item.FullName);
fs.SetOwner(new System.Security.Principal.NTAccount(username));
File.SetAccessControl(item.FullName, fs);
}
/// <summary>
/// Set the ownership on a folder to the specified user.
/// </summary>
/// <param name="fullPath">Full path to the folder on which to set the
/// ownership.</param>
/// <param name="username">Name of the user that will take ownership. It
/// must exist.</param>
public static void SetOwnership(string fullPath, string username)
{
// Is the function being run by an administrator?
if (!LocalUserManager.IsAdministrator())
{
// Inform
const string msg = "This method must be run by an administrator.";
sLogger.Error(msg);
throw new InvalidOperationException(msg);
}
// Depending on whether we have a file or a folder, we call different methods
if (Directory.Exists(fullPath))
{
DirectoryInfo dInfo = new DirectoryInfo(fullPath);
SetOwnershipRecursively(dInfo, username);
}
else if (File.Exists(fullPath))
{
FileInfo fi = new FileInfo(fullPath);
SetOwnershipOnFile(fi, username);
}
}
/// <summary>
/// Set the ownership on a folder to the specified user.
/// </summary>
/// <param name="root">Full path to the folder on which to set the
/// ownership.</param>
/// <param name="username">Name of the user that will take ownership. It
/// must exist.</param>
private static void SetOwnershipRecursively(DirectoryInfo root, string username)
{
// Is the function being run by an administrator?
if (!LocalUserManager.IsAdministrator())
{
// Inform
const string msg = "This method must be run by an administrator.";
sLogger.Error(msg);
throw new InvalidOperationException(msg);
}
// Set permission on the directory itself before we recurse into subfolders
SetOwnershipOnDirectory(root, username);
// Store files and directories to process
FileInfo[] children = null;
DirectoryInfo[] subDirs = null;
// First, process all the files directly under this folder
try
{
children = root.GetFiles("*");
}
// This is thrown if even one of the files requires permissions greater
// than the application provides.
catch (UnauthorizedAccessException e)
{
// Inform
sLogger.Error("Cannot access folder '" + root + "'. The error was: " + e.Message);
}
catch (DirectoryNotFoundException e)
{
// Inform
sLogger.Error("Folder '" + root + "' not found. The error was: " + e.Message);
}
if (children != null)
{
foreach (FileInfo fi in children)
{
// In this example, we only access the existing FileInfo object. If we
// want to open, delete or modify the file, then
// a try-catch block is required here to handle the case
// where the file has been deleted since the call to TraverseTree().
SetOwnershipOnFile(fi, username);
}
// Now find all the subdirectories under this directory.
subDirs = root.GetDirectories();
foreach (DirectoryInfo dirInfo in subDirs)
{
// Set ownership on the directory itself, and then recurse
SetOwnershipOnDirectory(dirInfo, username);
// Resursive call for each subdirectory.
SetOwnershipRecursively(dirInfo, username);
}
}
}
