private DirectorySecurity GetServiceDirectorySecurity(string serviceDataRootPath)
{
DirectorySecurity serviceDataRootSecurity;
if (Directory.Exists(serviceDataRootPath))
{
this.tracer.RelatedInfo($"{nameof(this.GetServiceDirectorySecurity)}: {serviceDataRootPath} exists, modifying ACLs.");
serviceDataRootSecurity = Directory.GetAccessControl(serviceDataRootPath);
}
else
{
this.tracer.RelatedInfo($"{nameof(this.GetServiceDirectorySecurity)}: {serviceDataRootPath} does not exist, creating new ACLs.");
serviceDataRootSecurity = new DirectorySecurity();
}
// Protect the access rules from inheritance and remove any inherited rules
serviceDataRootSecurity.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);
// Remove any existing ACLs and add new ACLs for users and admins
WindowsFileSystem.RemoveAllFileSystemAccessRulesFromDirectorySecurity(serviceDataRootSecurity);
WindowsFileSystem.AddUsersAccessRulesToDirectorySecurity(serviceDataRootSecurity, grantUsersModifyPermissions: false);
WindowsFileSystem.AddAdminAccessRulesToDirectorySecurity(serviceDataRootSecurity);
return(serviceDataRootSecurity);
}
