public static void FolderACL(String accountName, String folderPath)
{
FileSystemRights Rights;
//What rights are we setting?
Rights = FileSystemRights.FullControl;
bool modified;
InheritanceFlags none = new InheritanceFlags();
none = InheritanceFlags.None;
//set on dir itself
FileSystemAccessRule accessRule = new FileSystemAccessRule(accountName, Rights, none, PropagationFlags.NoPropagateInherit, AccessControlType.Allow);
DirectoryInfo dInfo = new DirectoryInfo(folderPath);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
dSecurity.ModifyAccessRule(AccessControlModification.Set, accessRule, out modified);
//Always allow objects to inherit on a directory
InheritanceFlags iFlags = new InheritanceFlags();
iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
//Add Access rule for the inheritance
FileSystemAccessRule accessRule2 = new FileSystemAccessRule(accountName, Rights, iFlags, PropagationFlags.InheritOnly, AccessControlType.Allow);
dSecurity.ModifyAccessRule(AccessControlModification.Add, accessRule2, out modified);
dInfo.SetAccessControl(dSecurity);
}
/// <summary>
/// 设置目录可操作权限
/// </summary>
/// <param name="user">系统用户,例:Users</param>
/// <param name="directoryPath">目录路径</param>
/// <returns></returns>
public static bool SetDirectoryAccess(string user, string directoryPath)
{
FileSystemRights rights = FileSystemRights.FullControl;
FileSystemAccessRule rule = new FileSystemAccessRule(user, rights, InheritanceFlags.None, PropagationFlags.NoPropagateInherit, AccessControlType.Allow);
DirectoryInfo directoryInfo = new DirectoryInfo(directoryPath);
DirectorySecurity security = directoryInfo.GetAccessControl(AccessControlSections.Access);
bool result = false;
security.ModifyAccessRule(AccessControlModification.Set, rule, out result);
if (!result)
{
return(false);
}
InheritanceFlags flags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
rule = new FileSystemAccessRule(user, rights, flags, PropagationFlags.InheritOnly, AccessControlType.Allow);
security.ModifyAccessRule(AccessControlModification.Add, rule, out result);
if (!result)
{
return(false);
}
directoryInfo.SetAccessControl(security);
return(true);
}
/// <summary>
/// Adds an ACL entry on the specified folder for the specified account.
/// </summary>
public static bool SetDirPermission(string dirPath, string account,
FileSystemRights rights)
{
FileSystemAccessRule accessRule = new FileSystemAccessRule(account, rights,
InheritanceFlags.None,
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
DirectoryInfo dirInfo = new DirectoryInfo(dirPath);
DirectorySecurity dirSecurity =
dirInfo.GetAccessControl(AccessControlSections.Access);
bool result = false;
dirSecurity.ModifyAccessRule(AccessControlModification.Add,
accessRule, out result);
if (result)
{
accessRule = new FileSystemAccessRule(account, rights,
InheritanceFlags.ContainerInherit |
InheritanceFlags.ObjectInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
dirSecurity.ModifyAccessRule(AccessControlModification.Add, accessRule,
out result);
if (result)
{
dirInfo.SetAccessControl(dirSecurity);
}
}
return(result);
}
/// <summary>
/// Set permissions for a group on a directory.
/// </summary>
/// <param name="groupName"></param>
/// <param name="path"></param>
/// <param name="rights"></param>
public static void SetGroupAcl(string groupName, string path, FileSystemRights rights)
{
bool result;
// Remove trailing backslash
path = path.TrimEnd('\\');
DirectoryInfo directoryInfo = new DirectoryInfo(path);
DirectorySecurity directorySecurity = directoryInfo.GetAccessControl(AccessControlSections.Access);
FileSystemAccessRule directoryAccessRule = new FileSystemAccessRule(groupName, rights, InheritanceFlags.None, PropagationFlags.NoPropagateInherit, AccessControlType.Allow);
directorySecurity.ModifyAccessRule(AccessControlModification.Set, directoryAccessRule, out result);
if (result == false)
{
throw new Exception(string.Format("SetAcl failed to set directory access on {0} for group {1}", groupName, path));
}
FileSystemAccessRule inheritanceAccessRule = new FileSystemAccessRule(groupName, rights, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow);
directorySecurity.ModifyAccessRule(AccessControlModification.Add, inheritanceAccessRule, out result);
if (result == false)
{
throw new Exception(string.Format("SetAcl failed to set inheritance access on {0} for group {1}", groupName, path));
}
directoryInfo.SetAccessControl(directorySecurity);
}
///
/// <summary>
/// Alter the access rights for a directory.
/// </summary>
/// <param name="Path"></param>
/// <param name="rights"></param>
/// <param name="username"></param>
/// <param name="inherentsubDir"></param>
/// <returns></returns>
///
public static bool ChangeDirectoryRights(string Path, FileSystemRights rights, string username, bool inherentsubDir)
{
//check to see if path exists
if (!Directory.Exists(Path))
{
return(false);
}
// *** Add Access Rule to the actual directory
FileSystemAccessRule AccessRule = new FileSystemAccessRule(username, rights,
InheritanceFlags.None,
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
//Get the direcory to set the info for
DirectoryInfo Info = new DirectoryInfo(Path);
DirectorySecurity Security = Info.GetAccessControl(AccessControlSections.Access);
bool Result = false;
//set the the rull
Security.ModifyAccessRule(AccessControlModification.Set, AccessRule, out Result);
//add a see if worked
if (!Result)
{
return(false);
}
//just files
InheritanceFlags iFlags = InheritanceFlags.ObjectInherit;
if (inherentsubDir)
{////check for the sub directories
iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
}
// *** Add Access rule for the inheritance
AccessRule = new FileSystemAccessRule(username, rights,
iFlags, //flags for inheritance
PropagationFlags.InheritOnly, //local already set
AccessControlType.Allow); //make sure we allow this user
Result = false;
// Info.Attributes = FileAttributes.Directory | ~FileAttributes.ReadOnly;
Security.ModifyAccessRule(AccessControlModification.Add, AccessRule, out Result);
if (!Result)
{
return(false);
}
Info.SetAccessControl(Security);
return(true);
}
private static bool SetAcl(string path)
{
const string Users = "Users";
try
{
FileSystemRights Rights = FileSystemRights.FullControl;
// *** Add Access Rule to the actual directory itself
FileSystemAccessRule AccessRule = new FileSystemAccessRule(Users, Rights,
InheritanceFlags.None,
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
DirectoryInfo Info = new DirectoryInfo(path);
DirectorySecurity Security = Info.GetAccessControl(AccessControlSections.Access);
Security.ModifyAccessRule(AccessControlModification.Set, AccessRule, out bool Result);
if (!Result)
{
return(false);
}
// *** Always allow objects to inherit on a directory
InheritanceFlags iFlags = InheritanceFlags.ObjectInherit;
iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
// *** Add Access rule for the inheritance
AccessRule = new FileSystemAccessRule(Users, Rights,
iFlags,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
Result = false;
Security.ModifyAccessRule(AccessControlModification.Add, AccessRule, out Result);
if (!Result)
{
return(false);
}
Info.SetAccessControl(Security);
Info.Refresh();
return(true);
}
catch (Exception ex)
{
Program.Log.Error(path, ex);
}
return(false);
}
//http://www.west-wind.com/weblog/posts/4072.aspx
public void SetFileSystemRights(string target, string group, FileSystemRights permission, DeploymentResult r)
{
if (!IsDirectory(target) && !IsFile(target))
{
return;
}
var oldSecurity = Directory.GetAccessControl(target);
var newSecurity = new DirectorySecurity();
newSecurity.SetSecurityDescriptorBinaryForm(oldSecurity.GetSecurityDescriptorBinaryForm());
var accessRule = new FileSystemAccessRule(group,
permission,
InheritanceFlags.None,
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
bool result;
newSecurity.ModifyAccessRule(AccessControlModification.Set, accessRule, out result);
if (!result)
{
r.AddError("Something wrong happened");
}
accessRule = new FileSystemAccessRule(group,
permission,
InheritanceFlags.ContainerInherit |
InheritanceFlags.ObjectInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
result = false;
newSecurity.ModifyAccessRule(AccessControlModification.Add, accessRule, out result);
if (!result)
{
r.AddError("Something wrong happened");
}
Directory.SetAccessControl(target, newSecurity);
if (result)
{
r.AddGood("Permissions set for '{0}' on folder '{1}'", group, target);
}
if (!result)
{
r.AddError("Something wrong happened");
}
}
static bool SetAcl()
{
try
{
System.IO.Directory.CreateDirectory("C:\\Data");
FileSystemRights Rights = (FileSystemRights)0;
Rights = FileSystemRights.FullControl;
// *** Add Access Rule to the actual directory itself
FileSystemAccessRule AccessRule = new FileSystemAccessRule("Users", Rights,
InheritanceFlags.None,
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
DirectoryInfo Info = new DirectoryInfo(@"C:\Data");
DirectorySecurity Security = Info.GetAccessControl(AccessControlSections.Access);
bool Result = false;
Security.ModifyAccessRule(AccessControlModification.Set, AccessRule, out Result);
if (!Result)
{
return(false);
}
// *** Always allow objects to inherit on a directory
InheritanceFlags iFlags = InheritanceFlags.ObjectInherit;
iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
// *** Add Access rule for the inheritance
AccessRule = new FileSystemAccessRule("Users", Rights,
iFlags,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
Result = false;
Security.ModifyAccessRule(AccessControlModification.Add, AccessRule, out Result);
if (!Result)
{
return(false);
}
Info.SetAccessControl(Security);
return(true);
}
catch (Exception e)
{
MessageBox.Show(e.ToString());
return(false);
}
}
public static bool SetDirectoryOwnershipForAllUsers(string destinationDirectory)
{
try
{
FileSystemRights Rights = (FileSystemRights)0;
Rights = FileSystemRights.FullControl;
var usersGroup = @"BUILTIN\Users";
// *** Add Access Rule to the actual directory itself
FileSystemAccessRule AccessRule = new FileSystemAccessRule(usersGroup, Rights,
InheritanceFlags.None,
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
DirectoryInfo Info = new DirectoryInfo(destinationDirectory);
DirectorySecurity Security = Info.GetAccessControl(AccessControlSections.Access);
bool Result = false;
Security.ModifyAccessRule(AccessControlModification.Set, AccessRule, out Result);
if (!Result)
{
return(false);
}
// *** Always allow objects to inherit on a directory
InheritanceFlags iFlags = InheritanceFlags.ObjectInherit;
iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
// *** Add Access rule for the inheritance
AccessRule = new FileSystemAccessRule(usersGroup, Rights,
iFlags,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
Result = false;
Security.ModifyAccessRule(AccessControlModification.Add, AccessRule, out Result);
if (!Result)
{
return(false);
}
Info.SetAccessControl(Security);
}
catch (Exception)
{
// We give it a best-effort here. If we aren't running an enterprise OS, this group may not exist (or be needed.)
}
return(true);
}
private static void SetFolderFullControl(string path)
{
////给Excel文件所在目录添加"Everyone,Users"用户组的完全控制权限
//DirectoryInfo di = new DirectoryInfo(path);
//System.Security.AccessControl.DirectorySecurity dirSecurity = di.GetAccessControl();
//dirSecurity.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow));
//dirSecurity.AddAccessRule(new FileSystemAccessRule("Users", FileSystemRights.FullControl, AccessControlType.Allow));
//di.SetAccessControl(dirSecurity);
DirectoryInfo dir = new DirectoryInfo(path);
if (!dir.Exists)
{
return;
}
DirectorySecurity ds = dir.GetAccessControl(AccessControlSections.All);
//继承设置
bool ok;
InheritanceFlags iflag = new InheritanceFlags();
iflag = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
FileSystemAccessRule arules = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, iflag, PropagationFlags.None, AccessControlType.Allow);
ds.ModifyAccessRule(AccessControlModification.Add, arules, out ok);
dir.SetAccessControl(ds);
}
//C# 在进行io操作时经常遇到对于路径没有操作权限的情况,这个时候我们需要动态的提供权限进行IO处理
public static void AddDirectorySecurity(string FileName, string Account, FileSystemRights[] rights)
{//提供读写权限
//读取该路径的原始操作权限
//提供权限以实现功能操作,
//还原权限
FileSystemRights Rights = new FileSystemRights();
foreach (FileSystemRights item in rights)
{
Rights = Rights | item;
}
//Read ChangePermissions FullControl Write
bool ok;
DirectoryInfo dInfo = new DirectoryInfo(FileName);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
InheritanceFlags iFlags = new InheritanceFlags();
iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
FileSystemAccessRule AccessRule2 = new FileSystemAccessRule(Account, Rights, iFlags, PropagationFlags.None, AccessControlType.Allow);
dSecurity.ModifyAccessRule(AccessControlModification.Add, AccessRule2, out ok);
dInfo.SetAccessControl(dSecurity);
//列出目标目录所具有的权限
DirectorySecurity sec = Directory.GetAccessControl(FileName, AccessControlSections.All);
foreach (FileSystemAccessRule rule in sec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
{
if ((rule.FileSystemRights & FileSystemRights.Read) != 0)
{
Console.WriteLine(rule.FileSystemRights.ToString());
}
}
Console.Read();
}
private bool SetMountpointRWAccessForUsers(string mountPointPath, string traceId)
{
string status = String.Empty;
bool fSetACL = false;
#if DotNetCoreClrLinux
try
{
const int defaultFilePermission = 0x1ed;
Chmod(mountPointPath, defaultFilePermission);
fSetACL = true;
}
catch
{
status = "Chmod failed";
}
#else
try
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(mountPointPath);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = FileSystemAclExtensions.GetAccessControl(dInfo);
var allUsers = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
// Add the FileSystemAccessRule to the security settings.
bool fModified = false;
dSecurity.ModifyAccessRule(AccessControlModification.Add, new FileSystemAccessRule(allUsers,
FileSystemRights.Modify,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None, // Make it applied to This Folder, subfolders and files
AccessControlType.Allow), out fModified);
// Set the new access settings.
if (fModified)
{
FileSystemAclExtensions.SetAccessControl(dInfo, dSecurity);
fSetACL = true;
}
else
{
status = String.Format("Failed to change ACL of mountpoint {0}.", mountPointPath);
}
}
catch (Exception ex)
{
status = String.Format("Failed to change ACL of mountpoint {0} due to exception: {1}.", mountPointPath, ex.Message);
}
#endif
if (!String.IsNullOrEmpty(status))
{
TraceWriter.WriteErrorWithId(Constants.TraceSource, traceId, status);
}
return(fSetACL);
}
/// <summary>
/// Remove all user permissions from folder.
/// </summary>
/// If the user with name `username` exists, it will be preserved.
/// <param name="fullPath">Full path to the folder on which to remove
/// all user permissions.</param>
/// <param name="username">Name of the user that will keep the
/// permissions.</param>
public static void RemovePermissionsForAllUsersButOne(string fullPath, string username)
{
// Is the function being run by an administrator?
if (!LocalUserManager.IsAdministrator())
{
// Inform
const string msg = "This method must be run by an administrator.";
sLogger.Error(msg);
throw new InvalidOperationException(msg);
}
DirectoryInfo dirinfo = new DirectoryInfo(fullPath);
DirectorySecurity dsec = dirinfo.GetAccessControl(AccessControlSections.All);
AuthorizationRuleCollection rules =
dsec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
foreach (AccessRule rule in rules)
{
if (rule.IdentityReference.Value != username)
{
dsec.PurgeAccessRules(rule.IdentityReference);
dsec.ModifyAccessRule(AccessControlModification.RemoveAll, rule, out bool value);
// Inform
sLogger.Info("Removed permission from '" + fullPath + "' for '" + username + "'.");
}
}
}
// 设置相关文件、目录权限
// 解决以普通用户身份运行时,目录没有权限的问题
public static void SetPermission(string path)
{
if (System.Environment.OSVersion.Version.Major <= 5)
{
return;
}
// 如果目录不存在,创建日志目录
EnsureExist(path);
// Users组
string userGroupName = "Users";
DirectorySecurity dirSecurity = Directory.GetAccessControl(path, AccessControlSections.All);
//添加Users组的访问权限规则 完全控制权限
FileSystemAccessRule usersFileSystemAccessRule = new FileSystemAccessRule(userGroupName,
FileSystemRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow);
bool isModified = false;
dirSecurity.ModifyAccessRule(AccessControlModification.Add, usersFileSystemAccessRule, out isModified);
// 保存权限设置
Directory.SetAccessControl(path, dirSecurity);
}
internal GlobalFileWritingSystemStore(string path)
{
m_path = path;
if (!Directory.Exists(m_path))
{
DirectoryInfo di;
// Provides FW on Linux multi-user access. Overrides the system
// umask and creates the directory with the permissions "775".
// The "fieldworks" group was created outside the app during
// configuration of the package which allows group access.
using (new FileModeOverride())
{
di = Directory.CreateDirectory(m_path);
}
if (!MiscUtils.IsUnix)
{
// NOTE: GetAccessControl/ModifyAccessRule/SetAccessControl is not implemented in Mono
DirectorySecurity ds = di.GetAccessControl();
var sid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
AccessRule rule = new FileSystemAccessRule(sid, FileSystemRights.Write | FileSystemRights.ReadAndExecute
| FileSystemRights.Modify, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.InheritOnly, AccessControlType.Allow);
bool modified;
ds.ModifyAccessRule(AccessControlModification.Add, rule, out modified);
di.SetAccessControl(ds);
}
}
m_mutex = SingletonsContainer.Get(typeof(Mutex).FullName + m_path,
() => new Mutex(false, m_path.Replace('\\', '_').Replace('/', '_')));
}
private void Authority()//设置APP的目录权限
{
string dirPath = Environment.CurrentDirectory;
DirectoryInfo dir = new DirectoryInfo(dirPath);
DirectorySecurity dirSecurity = dir.GetAccessControl(AccessControlSections.All);
InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
FileSystemAccessRule everyoneFileSystemAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
FileSystemAccessRule usersFileSystemAccessRule = new FileSystemAccessRule("Users", FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
bool isModified = false;
dirSecurity.ModifyAccessRule(AccessControlModification.Add, everyoneFileSystemAccessRule, out isModified);
dirSecurity.ModifyAccessRule(AccessControlModification.Add, usersFileSystemAccessRule, out isModified);
dir.SetAccessControl(dirSecurity);
Start();
exit();
}
public static async Task <bool> CreateHomeDir(Account account)
{
return(await Task.Run(() =>
{
try
{
if (!System.IO.Directory.Exists(account.HomeDirectory))
{
System.IO.Directory.CreateDirectory(account.HomeDirectory);
}
FileSystemRights rights = FileSystemRights.FullControl;
InheritanceFlags flags = new InheritanceFlags();
flags = InheritanceFlags.None;
FileSystemAccessRule accessRule = new FileSystemAccessRule(account.UID, rights, flags, PropagationFlags.NoPropagateInherit, AccessControlType.Allow);
DirectoryInfo dInfo = new DirectoryInfo(account.HomeDirectory);
DirectorySecurity dSec = dInfo.GetAccessControl();
bool modified;
dSec.ModifyAccessRule(AccessControlModification.Set, accessRule, out modified);
InheritanceFlags iFlags = new InheritanceFlags();
iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
FileSystemAccessRule accessRule2 = new FileSystemAccessRule(account.UID, rights, iFlags, PropagationFlags.InheritOnly, AccessControlType.Allow);
dSec.ModifyAccessRule(AccessControlModification.Add, accessRule2, out modified);
dInfo.SetAccessControl(dSec);
return true;
} catch (Exception e)
{
Connector.Log.AddError(Origin.Directory, "Unable to create homedir: " + e.Message);
if (System.IO.Directory.Exists(account.HomeDirectory))
{
try
{
System.IO.Directory.Delete(account.HomeDirectory);
} catch (Exception ex)
{
Connector.Log.AddError(Origin.Directory, ex.Message);
}
}
return false;
}
}));
}
static bool SetAcl(string destinationDirectory)
{
FileSystemRights Rights = (FileSystemRights)0;
Rights = FileSystemRights.FullControl;
// *** Add Access Rule to the actual directory itself
FileSystemAccessRule AccessRule = new FileSystemAccessRule("Users", Rights,
InheritanceFlags.None,
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
DirectoryInfo Info = new DirectoryInfo(destinationDirectory);
DirectorySecurity Security = Info.GetAccessControl(AccessControlSections.Access);
bool Result = false;
Security.ModifyAccessRule(AccessControlModification.Set, AccessRule, out Result);
if (!Result)
{
return(false);
}
// *** Always allow objects to inherit on a directory
InheritanceFlags iFlags = InheritanceFlags.ObjectInherit;
iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
// *** Add Access rule for the inheritance
AccessRule = new FileSystemAccessRule("Users", Rights,
iFlags,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
Result = false;
Security.ModifyAccessRule(AccessControlModification.Add, AccessRule, out Result);
if (!Result)
{
return(false);
}
Info.SetAccessControl(Security);
return(true);
}
static bool SetAccessRule()
{
FileSystemRights pRights = (FileSystemRights)0;
pRights = FileSystemRights.FullControl;
// [HocPD]: Add Access Rule to the actual directory itself
FileSystemAccessRule pAccessRule = new FileSystemAccessRule("Users", pRights,
InheritanceFlags.None,
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
DirectoryInfo pInfo = new DirectoryInfo(Application.StartupPath);
DirectorySecurity pSecurity = pInfo.GetAccessControl(AccessControlSections.Access);
bool pResult = false;
pSecurity.ModifyAccessRule(AccessControlModification.Set, pAccessRule, out pResult);
if (!pResult)
{
return(false);
}
// [HocPD]: Always allow objects to inherit on a directory
InheritanceFlags iFlags = InheritanceFlags.ObjectInherit;
iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
// [HocPD]: Add Access rule for the inheritance
pAccessRule = new FileSystemAccessRule("Users", pRights,
iFlags,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
pResult = false;
pSecurity.ModifyAccessRule(AccessControlModification.Add, pAccessRule, out pResult);
if (!pResult)
{
return(false);
}
pInfo.SetAccessControl(pSecurity);
return(true);
}
/// <summary>
/// 设置文件权限
/// </summary>
/// <param name="FileName">文件路径</param>
/// <param name="Account">系统管理员:administrator</param>
/// <param name="UserRights">文件的权限(R=读,C=更改权限,F=完全控制,W=文件可写)</param>
/// <returns></returns>
public string SetFilePermission(string FileName, string Account, string UserRights)
{
string getPermission = "";
//系统文件权限实例化
FileSystemRights Rights = new FileSystemRights();
if (UserRights.IndexOf("R") >= 0)
{
//系统文件只读
Rights = Rights | FileSystemRights.Read;
}
if (UserRights.IndexOf("C") >= 0)
{
//更改系统文件权限
Rights = Rights | FileSystemRights.ChangePermissions;
}
if (UserRights.IndexOf("F") >= 0)
{
//完全控制
Rights = Rights | FileSystemRights.FullControl;
}
if (UserRights.IndexOf("W") >= 0)
{
//系统文件可写
Rights = Rights | FileSystemRights.Write;
}
bool ok;
//将文件路径修改为f\a\..
DirectoryInfo dInfo = new DirectoryInfo(FileName);
//获取文件的访问控制
DirectorySecurity dSecurity = dInfo.GetAccessControl();
//继承标志
InheritanceFlags iFlags = new InheritanceFlags();
//获得继承方向:容器继承或对象继承
iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
//系统文件的访问规则:Account是否管理员;Rights是否读写或全部操作;iFlags如何继承;不允许传播;允许访问控制
FileSystemAccessRule AccessRule2 = new FileSystemAccessRule(Account, Rights, iFlags, PropagationFlags.None, AccessControlType.Allow);
//修改文件的访问规则
dSecurity.ModifyAccessRule(AccessControlModification.Add, AccessRule2, out ok);
//为该路径下得文件设置访问控制权限
dInfo.SetAccessControl(dSecurity);
//列出目标目录所具有的权限
DirectorySecurity sec = Directory.GetAccessControl(FileName, AccessControlSections.All);
foreach (FileSystemAccessRule rule in sec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
{
if ((rule.FileSystemRights & FileSystemRights.Read) != 0)
{
getPermission = rule.FileSystemRights.ToString();
}
}
return(getPermission);
}
/// <summary>
/// 添加 指定目录 指定用户 指定的 权限
/// </summary>
/// <param name="FileName">指定目录</param>
/// <param name="Account">指定用户</param>
/// <param name="UserRights"></param>
/// <returns></returns>
public static bool AddDirectorySecurity(string FileName, string Account, FileSystemRights rights)
{
bool ok;
DirectoryInfo dInfo = new DirectoryInfo(FileName);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
InheritanceFlags iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
FileSystemAccessRule AccessRule2 = new FileSystemAccessRule(Account, rights, iFlags, PropagationFlags.None, AccessControlType.Allow);
dSecurity.ModifyAccessRule(AccessControlModification.Add, AccessRule2, out ok);
dInfo.SetAccessControl(dSecurity);
return(ok);
}
/// <summary>
/// 项目中用,文件夹只保留everyone权限,其中允许用户读,但不允许写
/// by the way,代码结果是给文件夹一个特殊权限,点进去高级看,会发现这个特殊权限的子项和写入权限的子项是一样的
/// </summary>
/// <param name="dirName"></param>
public static void OnlyKeepEveryonePermissionsWithWriteNotAllowed(string dirName)
{
DirectoryInfo dirinfo = new DirectoryInfo(dirName);
DirectorySecurity objSecObj = dirinfo.GetAccessControl();
AuthorizationRuleCollection acl = objSecObj.GetAccessRules(true, true,
typeof(System.Security.Principal.NTAccount));
objSecObj.SetAccessRuleProtection(true, false); //to remove inherited permissions
foreach (FileSystemAccessRule ace in acl) //to remove any other permission
{
objSecObj.PurgeAccessRules(ace.IdentityReference); //same as use objSecObj.RemoveAccessRuleSpecific(ace);
}
InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
FileSystemAccessRule everyoneFileSystemAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.ReadAndExecute | FileSystemRights.ListDirectory | FileSystemRights.Read, inherits, PropagationFlags.None, AccessControlType.Allow);
FileSystemAccessRule everyoneFileSystemAccessRule2 = new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Deny);
bool isModified = false;
objSecObj.ModifyAccessRule(AccessControlModification.Add, everyoneFileSystemAccessRule2, out isModified);
objSecObj.ModifyAccessRule(AccessControlModification.Add, everyoneFileSystemAccessRule, out isModified);
dirinfo.SetAccessControl(objSecObj);
}
private static void SetCommonAppDataPermissions(string path)
{
DirectoryInfo di = Directory.CreateDirectory(path);
DirectorySecurity ds = di.GetAccessControl();
var sid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
AccessRule rule = new FileSystemAccessRule(sid, FileSystemRights.Write | FileSystemRights.ReadAndExecute
| FileSystemRights.Modify, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.InheritOnly, AccessControlType.Allow);
bool modified;
ds.ModifyAccessRule(AccessControlModification.Add, rule, out modified);
di.SetAccessControl(ds);
}
/// <summary>
/// 设置文件夹访问权限
/// </summary>
/// <param name="folderPath">文件夹路径</param>
/// <param name="userName">需要设置权限的用户名</param>
/// <param name="rights">访问权限</param>
/// <param name="allowOrDeny">允许拒绝访问</param>
/// <param name="inherits">继承标志指定访问控制项 (ACE) 的继承语义</param>
/// <param name="propagateToChildren">指定如何将访问面控制项 (ACE) 传播到子对象。仅当存在继承标志时,这些标志才有意义</param>
/// <param name="addResetOrRemove">指定要执行的访问控制修改的类型。此枚举由 System.Security.AccessControl.ObjectSecurity 类及其子类的方法使用</param>
private bool SetFolderACL(string folderPath, string userName, FileSystemRights rights, AccessControlType allowOrDeny, InheritanceFlags inherits, PropagationFlags propagateToChildren, AccessControlModification addResetOrRemove)
{
DirectoryInfo folder = new DirectoryInfo(folderPath);
DirectorySecurity dSecurity = folder.GetAccessControl(AccessControlSections.All);
FileSystemAccessRule accRule = new FileSystemAccessRule(userName, rights, inherits, propagateToChildren, allowOrDeny);
bool modified;
dSecurity.ModifyAccessRule(addResetOrRemove, accRule, out modified);
folder.SetAccessControl(dSecurity);
return(modified);
}
public static bool SetAcl(string destinationDirectory)
{
bool flag;
try
{
FileSystemRights fileSystemRight = (FileSystemRights)0;
fileSystemRight = FileSystemRights.FullControl;
FileSystemAccessRule fileSystemAccessRule = new FileSystemAccessRule("Users", FileSystemRights.FullControl, InheritanceFlags.None, PropagationFlags.NoPropagateInherit, AccessControlType.Allow);
DirectoryInfo directoryInfo = new DirectoryInfo(destinationDirectory);
DirectorySecurity accessControl = directoryInfo.GetAccessControl(AccessControlSections.Access);
bool flag1 = false;
accessControl.ModifyAccessRule(AccessControlModification.Set, fileSystemAccessRule, out flag1);
if (flag1)
{
fileSystemAccessRule = new FileSystemAccessRule("Users", fileSystemRight, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow);
flag1 = false;
accessControl.ModifyAccessRule(AccessControlModification.Add, fileSystemAccessRule, out flag1);
if (flag1)
{
directoryInfo.SetAccessControl(accessControl);
flag = true;
}
else
{
flag = false;
}
}
else
{
flag = false;
}
}
catch (Exception exception)
{
flag = false;
}
return flag;
}
public static DirectorySecurity CreateDirectorySecurity(string[] identities)
{
System.Security.AccessControl.DirectorySecurity dirSecurity = new DirectorySecurity();
//设定文件ACL继承
InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
bool isModified = false;
foreach (var item in identities)
{
FileSystemAccessRule fileSystemAccessRule = new FileSystemAccessRule(item, FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
dirSecurity.ModifyAccessRule(AccessControlModification.Add, fileSystemAccessRule, out isModified);
}
return(dirSecurity);
}
public static bool SetupDirectory(string strPath)
{
if (!Directory.Exists(strPath))
{
DirectoryInfo directoryInfo = Directory.CreateDirectory(strPath);
DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
SecurityIdentifier securityIdentifier = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
AccessRule rule = new FileSystemAccessRule(securityIdentifier, FileSystemRights.Write | FileSystemRights.ReadAndExecute | FileSystemRights.Modify, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow);
bool modified;
directorySecurity.ModifyAccessRule(AccessControlModification.Add, rule, out modified);
directoryInfo.SetAccessControl(directorySecurity);
}
return(Directory.Exists(strPath));
}
private static void SetSecurityRights(DirectoryInfo directoryInfo)
{
bool modified;
DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
SecurityIdentifier securityIdentifier = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
AccessRule rule = new FileSystemAccessRule(
securityIdentifier,
FileSystemRights.Write |
FileSystemRights.ReadAndExecute |
FileSystemRights.Modify,
AccessControlType.Allow);
directorySecurity.ModifyAccessRule(AccessControlModification.Add, rule, out modified);
directoryInfo.SetAccessControl(directorySecurity);
}
public override void Install(System.Collections.IDictionary stateSaver)
{
base.Install(stateSaver);
Form frm = new AppConfigModifier(this.Context);
frm.BringToFront();
frm.ShowDialog();
try
{
var filepath = this.Context.Parameters["assemblypath"];
filepath = Path.GetDirectoryName(filepath);
//filepath = Path.Combine(filepath, "Logs");
// This gets the "Authenticated Users" group, no matter what it's called
SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);
// Create the rules
FileSystemAccessRule writerule = new FileSystemAccessRule(sid, FileSystemRights.FullControl, AccessControlType.Allow);
if (!string.IsNullOrEmpty(filepath) && Directory.Exists(filepath))
{
// Get your file's ACL
DirectorySecurity fsecurity = Directory.GetAccessControl(filepath);
// Add the new rule to the ACL
fsecurity.AddAccessRule(writerule);
// Set the ACL back to the file
Directory.SetAccessControl(filepath, fsecurity);
// *** Always allow objects to inherit on a directory
InheritanceFlags iFlags = InheritanceFlags.ObjectInherit;
iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
// *** Add Access rule for the inheritance
var AccessRule = new FileSystemAccessRule(sid, FileSystemRights.FullControl, iFlags, PropagationFlags.InheritOnly, AccessControlType.Allow);
bool Result = false;
fsecurity.ModifyAccessRule(AccessControlModification.Add, AccessRule, out Result);
Directory.SetAccessControl(filepath, fsecurity);
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
/// <summary>
///
/// </summary>
/// <param name="Path">Directory path</param>
/// <param name="Name">Directory Name</param>
/// <param name="Username">Username</param>
/// <return>True or False</return>
public static void RemovePermissions(String Path, String Name, String Username)
{
String strDirectory = BuildDirectory(Path, Name);
DirectoryInfo dirinfo = new DirectoryInfo(strDirectory);
DirectorySecurity dsec = dirinfo.GetAccessControl(AccessControlSections.All);
AuthorizationRuleCollection rules = dsec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
foreach (AccessRule rule in rules)
{
if (rule.IdentityReference.Value == Username)
{
bool value;
dsec.PurgeAccessRules(rule.IdentityReference);
dsec.ModifyAccessRule(AccessControlModification.RemoveAll, rule, out value);
dirinfo.SetAccessControl(dsec);
}
}
}
