private DirectorySecurity GetServiceDirectorySecurity(string serviceDataRootPath)
        {
            DirectorySecurity serviceDataRootSecurity;

            if (Directory.Exists(serviceDataRootPath))
            {
                this.tracer.RelatedInfo($"{nameof(this.GetServiceDirectorySecurity)}: {serviceDataRootPath} exists, modifying ACLs.");
                serviceDataRootSecurity = Directory.GetAccessControl(serviceDataRootPath);
            }
            else
            {
                this.tracer.RelatedInfo($"{nameof(this.GetServiceDirectorySecurity)}: {serviceDataRootPath} does not exist, creating new ACLs.");
                serviceDataRootSecurity = new DirectorySecurity();
            }

            // Protect the access rules from inheritance and remove any inherited rules
            serviceDataRootSecurity.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);

            // Remove any existing ACLs and add new ACLs for users and admins
            WindowsFileSystem.RemoveAllFileSystemAccessRulesFromDirectorySecurity(serviceDataRootSecurity);
            WindowsFileSystem.AddUsersAccessRulesToDirectorySecurity(serviceDataRootSecurity, grantUsersModifyPermissions: false);
            WindowsFileSystem.AddAdminAccessRulesToDirectorySecurity(serviceDataRootSecurity);

            return(serviceDataRootSecurity);
        }
예제 #2
0
        private DirectorySecurity GetUpgradeLogsDirectorySecurity(string upgradeLogsPath)
        {
            DirectorySecurity upgradeLogsSecurity;

            if (Directory.Exists(upgradeLogsPath))
            {
                this.tracer.RelatedInfo($"{nameof(this.GetUpgradeLogsDirectorySecurity)}: '{upgradeLogsPath}' exists, modifying ACLs");
                upgradeLogsSecurity = Directory.GetAccessControl(upgradeLogsPath);
            }
            else
            {
                this.tracer.RelatedInfo($"{nameof(this.GetUpgradeLogsDirectorySecurity)}: '{upgradeLogsPath}' does not exist, creating new ACLs");
                upgradeLogsSecurity = new DirectorySecurity();
            }

            // Protect the access rules from inheritance and remove any inherited rules
            upgradeLogsSecurity.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);

            // Add new ACLs for users and admins.  Users will be granted write permissions.
            WindowsFileSystem.AddUsersAccessRulesToDirectorySecurity(upgradeLogsSecurity, grantUsersModifyPermissions: true);
            WindowsFileSystem.AddAdminAccessRulesToDirectorySecurity(upgradeLogsSecurity);
            return(upgradeLogsSecurity);
        }