public static Boolean CreateDir(String strSitePath, String strUserName)
{
Boolean bOk;
try
{
Directory.CreateDirectory(strSitePath);
SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
Dacl dacl = secDesc.Dacl;
Sid sidUser = new Sid(strUserName);
// allow: folder, subfolder and files
// modify
dacl.AddAce(new AceAccessAllowed(sidUser, AccessType.GENERIC_WRITE | AccessType.GENERIC_READ | AccessType.DELETE | AccessType.GENERIC_EXECUTE, AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE));
// deny: this folder
// write attribs
// write extended attribs
// delete
// change permissions
// take ownership
DirectoryAccessType DAType = DirectoryAccessType.FILE_WRITE_ATTRIBUTES | DirectoryAccessType.FILE_WRITE_EA | DirectoryAccessType.DELETE | DirectoryAccessType.WRITE_OWNER | DirectoryAccessType.WRITE_DAC;
AccessType AType = (AccessType)DAType;
dacl.AddAce(new AceAccessDenied(sidUser, AType));
secDesc.SetDacl(dacl);
secDesc.SetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
bOk = true;
}
catch
{
bOk = false;
}
return(bOk);
} /* CreateDir */
/// <summary>
/// 对用户 strUserName 赋予对文件夹strSitePath 所有的访问权限
/// </summary>
/// <param name="strSitePath"></param>
/// <param name="strUserName"></param>
/// <returns></returns>
public static Boolean SetDirPermission(String strSitePath, String strUserName)
{
bool IsDir = false;
if (System.IO.File.Exists(strSitePath))
{
IsDir = false;
}
else if (!IsDir && !System.IO.Directory.Exists(strSitePath))
{
return(false);
}
else
{
IsDir = true;
}
Boolean bOk;
try
{
// Directory.CreateDirectory(strSitePath);
SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity(strSitePath,
SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
Dacl dacl = secDesc.Dacl;//The discretionary access control list (DACL) of an object
Sid sidUser = new Sid(strUserName);
dacl.RemoveAces(sidUser);
AccessType AType = AccessType.GENERIC_ALL;
AceFlags flag = AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE | AceFlags.SUCCESSFUL_ACCESS_ACE_FLAG;
AceAccessAllowed ace = new AceAccessAllowed(sidUser, AType, flag);
dacl.AddAce(ace);
secDesc.SetDacl(dacl);
secDesc.SetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
bOk = true;
}
catch (Exception ee)
{
throw ee;
}
//对所有的子文件和子文件夹附权
if (IsDir)
{
string[] files = System.IO.Directory.GetFiles(strSitePath);
if (files != null && files.Length > 0)
{
foreach (string file in files)
{
SetDirPermission(file, strUserName);
}
}
string[] dirs = System.IO.Directory.GetDirectories(strSitePath);
if (dirs != null && dirs.Length > 0)
{
foreach (string dir in dirs)
{
SetDirPermission(dir, strUserName);
}
}
}
return(bOk);
} /* CreateDir */
