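/// <summary>
/// Replaces the permissions of the directory at the given <paramref name="targetPath"/>
/// with the inheritable permissions from the directory at the given <paramref name="sourcePath"/>.
/// </summary>
/// <remarks>
/// The target's existing access rules are discarded and its DACL is marked as protected,
/// so the target stops inheriting from its own parent. Only source rules that carry
/// <see cref="InheritanceFlags.ContainerInherit"/> are copied. If the source has none,
/// the target is written back with no access rules at all (verify that callers expect
/// this fail-closed outcome). Both allow and deny rules are copied.
/// Identities are handled as SIDs rather than account names: the CREATOR OWNER and
/// CREATOR GROUP checks must not depend on the display language of the operating system,
/// and no account-name lookup is needed for owners or trustees whose SID cannot be resolved.
/// </remarks>
/// <param name="sourcePath">The path to the directory from which to derive inheritable permissions.</param>
/// <param name="targetPath">The path to the directory to which to apply the derived permissions.</param>
public static void ApplyInheritableDirectoryPermissions(string sourcePath, string targetPath)
{
    string sourceAbsolutePath = GetAbsolutePath(sourcePath);
    string targetAbsolutePath = GetAbsolutePath(targetPath);

    DirectorySecurity sourceSecurity = Directory.GetAccessControl(sourceAbsolutePath);
    DirectorySecurity targetSecurity = Directory.GetAccessControl(targetAbsolutePath);

    // Read owner and primary group as SIDs; either may be null when the
    // security descriptor does not carry that field.
    IdentityReference targetOwner = targetSecurity.GetOwner(typeof(SecurityIdentifier));
    IdentityReference targetGroup = targetSecurity.GetGroup(typeof(SecurityIdentifier));

    // Well-known placeholder SIDs; comparing SIDs instead of the literal account
    // names keeps the substitution below working on non-English systems.
    SecurityIdentifier creatorOwnerSid = new SecurityIdentifier(WellKnownSidType.CreatorOwnerSid, null);
    SecurityIdentifier creatorGroupSid = new SecurityIdentifier(WellKnownSidType.CreatorGroupSid, null);

    targetSecurity = new DirectorySecurity();

    // This prevents permissions modifications by the target directory's parents (the target's inherited permissions)
    targetSecurity.SetAccessRuleProtection(true, false);

    foreach (FileSystemAccessRule rule in sourceSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier)))
    {
        InheritanceFlags inheritanceFlags = rule.InheritanceFlags;

        // If the inheritance flags indicate that this rule
        // is not inheritable by subfolders, skip it
        // NOTE(review): rules carrying only ObjectInherit are dropped here as well, so files
        // created later inside the target will not receive them - confirm this is intended.
        if (!inheritanceFlags.HasFlag(InheritanceFlags.ContainerInherit))
        {
            continue;
        }

        IdentityReference identityReference = rule.IdentityReference;
        FileSystemRights fileSystemRights = rule.FileSystemRights;
        AccessControlType accessControlType = rule.AccessControlType;

        // If the rule is associated with the CREATOR OWNER identity, add an additional rule
        // for the target's owner that applies only to the target directory (not inheritable)
        if (creatorOwnerSid.Equals(identityReference) && targetOwner != null)
        {
            targetSecurity.AddAccessRule(new FileSystemAccessRule(targetOwner, fileSystemRights, accessControlType));
        }

        // If the rule is associated with the CREATOR GROUP identity, add an additional rule
        // for the target's group that applies only to the target directory (not inheritable)
        if (creatorGroupSid.Equals(identityReference) && targetGroup != null)
        {
            targetSecurity.AddAccessRule(new FileSystemAccessRule(targetGroup, fileSystemRights, accessControlType));
        }

        // If the rule applies only to objects within the source directory,
        // clear inheritance flags so it will not propagate to subfolders
        // and files within the target directory
        if (rule.PropagationFlags.HasFlag(PropagationFlags.NoPropagateInherit))
        {
            inheritanceFlags = InheritanceFlags.None;
        }

        // Inherited permissions never inherit propagation flags
        PropagationFlags propagationFlags = PropagationFlags.None;

        targetSecurity.AddAccessRule(new FileSystemAccessRule(identityReference, fileSystemRights, inheritanceFlags, propagationFlags, accessControlType));
    }

    Directory.SetAccessControl(targetAbsolutePath, targetSecurity);
}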