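/// <summary>
/// Makes the current Windows user the owner of a file, then rewrites the file's ACL so that
/// both Everyone and the current user hold FullControl, and finally resets the file attributes.
/// </summary>
/// <param name="filepath">Path of the file whose owner, ACL and attributes are rewritten.</param>
/// <remarks>
/// SECURITY: when this method returns, the file carries an explicit Allow/FullControl entry for
/// the World SID (Everyone) and every explicit Deny entry for Everyone and for the current user
/// has been removed. Any principal matched by Everyone can then read, overwrite, delete and
/// re-permission the file. Callers should treat the file as untrusted afterwards and should not
/// use this on executables, configuration or anything a more privileged process later reads.
/// </remarks>
public void TakeOwn(string filepath)
{
    FileSecurity fileS = File.GetAccessControl(filepath);

    // WindowsIdentity wraps a token handle; dispose it once the SID has been copied out.
    SecurityIdentifier cu;
    using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
    {
        cu = identity.User;
    }

    SecurityIdentifier everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);

    try
    {
        Privileges.EnablePrivilege(SecurityEntity.SE_TAKE_OWNERSHIP_NAME);
    }
    catch (Exception)
    {
        // The failure is only reported; the owner change below is still attempted and will
        // throw on its own if the caller is not allowed to take ownership.
        console.AppendText("Failed to get SeTakeOwnershipPrivledge\r\n");
    }

    // Step 1: become the owner. This is written back first, before the DACL is edited.
    fileS.SetOwner(cu);
    File.SetAccessControl(filepath, fileS);

    // Step 2: unprotect the ACL (isProtected = false), so rules inherited from the parent apply.
    fileS.SetAccessRuleProtection(false, false);

    // RemoveAccessRuleAll matches on identity and Allow/Deny only, so these two calls drop
    // every explicit Deny entry for the identity, not just FullControl ones.
    fileS.RemoveAccessRuleAll(new FileSystemAccessRule(everyone, FileSystemRights.FullControl, AccessControlType.Deny));
    fileS.RemoveAccessRuleAll(new FileSystemAccessRule(cu, FileSystemRights.FullControl, AccessControlType.Deny));

    // NOTE(review): Everyone/FullControl is the widest grant possible; confirm that callers
    // really need it rather than a grant to the current user alone.
    fileS.SetAccessRule(new FileSystemAccessRule(everyone, FileSystemRights.FullControl, AccessControlType.Allow));
    fileS.SetAccessRule(new FileSystemAccessRule(cu, FileSystemRights.FullControl, AccessControlType.Allow));
    File.SetAccessControl(filepath, fileS);

    // Clears read-only / hidden / system style attributes.
    File.SetAttributes(filepath, FileAttributes.Normal);
}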
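/// <summary>
/// Locks down the ACL of the configuration executable (<c>PGINA_CONFIG_EXE</c>): inheritance is
/// cut, explicit Allow entries for <c>AUTHED_USERS</c> and <c>USERS_GROUP</c> are removed, and
/// the file is left with Users = ReadAndExecute, Administrators = FullControl, SYSTEM = FullControl.
/// </summary>
/// <exception cref="FileNotFoundException">The configuration executable does not exist.</exception>
/// <remarks>
/// The point of the lock-down is that unprivileged users can run the executable but cannot
/// replace or modify it. Explicit entries for principals other than the two removed here are
/// not touched by this method; NOTE(review): confirm no such entries can exist on the file.
/// </remarks>
private static void SetFileSystemAcls()
{
    if (!File.Exists(PGINA_CONFIG_EXE))
    {
        // FileNotFoundException derives from Exception, so existing catch blocks still apply.
        throw new FileNotFoundException(
            string.Format("Unable to find configuration executable: {0}", PGINA_CONFIG_EXE),
            PGINA_CONFIG_EXE);
    }

    m_logger.InfoFormat("Setting ACLs on {0}", PGINA_CONFIG_EXE);

    // Rules that make up the final ACL.
    FileSystemAccessRule userReadAndExecute = new FileSystemAccessRule(USERS_GROUP, FileSystemRights.ReadAndExecute, AccessControlType.Allow);
    FileSystemAccessRule adminFull = new FileSystemAccessRule(ADMIN_GROUP, FileSystemRights.FullControl, AccessControlType.Allow);
    FileSystemAccessRule systemFull = new FileSystemAccessRule(SYSTEM_ACCT, FileSystemRights.FullControl, AccessControlType.Allow);

    // Patterns for the removals below. RemoveAccessRuleAll matches on identity and Allow/Deny
    // only, so the Modify right here does not narrow what is removed.
    FileSystemAccessRule authedUsersMod = new FileSystemAccessRule(AUTHED_USERS, FileSystemRights.Modify, AccessControlType.Allow);
    FileSystemAccessRule usersMod = new FileSystemAccessRule(USERS_GROUP, FileSystemRights.Modify, AccessControlType.Allow);

    FileSecurity fs = File.GetAccessControl(PGINA_CONFIG_EXE);

    // Protect the ACL from inheritance and do not keep copies of the inherited rules.
    fs.SetAccessRuleProtection(true, false);

    // Drop any explicit write-capable grants to ordinary users before adding the new rules.
    fs.RemoveAccessRuleAll(authedUsersMod);
    fs.RemoveAccessRuleAll(usersMod);

    fs.AddAccessRule(userReadAndExecute);
    fs.AddAccessRule(adminFull);
    fs.AddAccessRule(systemFull);

    File.SetAccessControl(PGINA_CONFIG_EXE, fs);
}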
/// <summary>
/// Removes the permissions a given account holds on a given file.
/// </summary>
/// <param name="fileName">The file whose ACL is edited.</param>
/// <param name="Account">The account whose entries are removed.</param>
/// <remarks>
/// Both the explicit Allow and the explicit Deny entries of the account are removed
/// (RemoveAccessRuleAll matches on identity and Allow/Deny, not on the rights mask).
/// Removing Deny entries can widen access if the account is still covered by an Allow entry
/// for a group. A file that does not exist is silently ignored.
/// </remarks>
public static void RemoveFileAccountSecurity(string fileName, string Account)
{
    FileInfo target = new FileInfo(fileName);
    if (!target.Exists)
    {
        return;
    }

    FileSecurity acl = target.GetAccessControl();

    FileSystemAccessRule allowPattern = new FileSystemAccessRule(Account, FileSystemRights.FullControl, AccessControlType.Allow);
    FileSystemAccessRule denyPattern = new FileSystemAccessRule(Account, FileSystemRights.FullControl, AccessControlType.Deny);

    acl.RemoveAccessRuleAll(allowPattern);
    acl.RemoveAccessRuleAll(denyPattern);

    target.SetAccessControl(acl);
}
/// <summary>
/// Verifies that <c>RemoveAccessRuleAll</c> matches on identity and Allow/Deny type only:
/// a Write/Allow pattern that was never added still removes the AppendData and Read Allow
/// rules of the same account, while that account's Deny rule and another account's Allow
/// rule survive.
/// </summary>
public void RemoveAccessRuleAll_Succeeds()
{
    var localSystem = Helpers.s_LocalSystemNTAccount;
    var networkService = Helpers.s_NetworkServiceNTAccount;

    var systemAppendAllow = new FileSystemAccessRule(localSystem, FileSystemRights.AppendData, AccessControlType.Allow);
    var systemReadAllow = new FileSystemAccessRule(localSystem, FileSystemRights.Read, AccessControlType.Allow);
    var systemWriteAllow = new FileSystemAccessRule(localSystem, FileSystemRights.Write, AccessControlType.Allow);
    var systemReadPermissionsDeny = new FileSystemAccessRule(localSystem, FileSystemRights.ReadPermissions, AccessControlType.Deny);
    var networkServiceReadAllow = new FileSystemAccessRule(networkService, FileSystemRights.Read, AccessControlType.Allow);

    var security = new FileSecurity();
    security.AddAccessRule(systemAppendAllow);
    security.AddAccessRule(systemReadAllow);
    security.AddAccessRule(systemReadPermissionsDeny);
    security.AddAccessRule(networkServiceReadAllow);

    // The pattern rule was never added; only its identity and its Allow type are used to match.
    security.RemoveAccessRuleAll(systemWriteAllow);

    AuthorizationRuleCollection remaining = security.GetAccessRules(true, true, typeof(NTAccount));
    Assert.Equal(2, remaining.Count);

    // First survivor: the Deny rule of the local system account.
    var survivor = (FileSystemAccessRule)remaining[0];
    Assert.Equal(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), survivor.IdentityReference);
    Assert.Equal(AccessControlType.Deny, survivor.AccessControlType);
    Assert.Equal(FileSystemRights.ReadPermissions, survivor.FileSystemRights);

    // Second survivor: the Allow rule of the other account.
    survivor = (FileSystemAccessRule)remaining[1];
    Assert.Equal(networkService, survivor.IdentityReference);
    Assert.Equal(AccessControlType.Allow, survivor.AccessControlType);
}
/// <summary>
/// Verifies that <c>RemoveAccessRuleAll</c> matches on identity and Allow/Deny type only:
/// a Write/Allow pattern that was never added still removes the AppendData and Read Allow
/// rules of the same account, while that account's Deny rule and another account's Allow
/// rule survive.
/// </summary>
public void RemoveAccessRuleAll_Succeeds()
{
    const string systemName = @"NT AUTHORITY\SYSTEM";
    const string networkServiceName = @"NT AUTHORITY\Network Service";

    var systemAppendAllow = new FileSystemAccessRule(systemName, FileSystemRights.AppendData, AccessControlType.Allow);
    var systemReadAllow = new FileSystemAccessRule(systemName, FileSystemRights.Read, AccessControlType.Allow);
    var systemWriteAllow = new FileSystemAccessRule(systemName, FileSystemRights.Write, AccessControlType.Allow);
    var systemReadPermissionsDeny = new FileSystemAccessRule(systemName, FileSystemRights.ReadPermissions, AccessControlType.Deny);
    var networkServiceReadAllow = new FileSystemAccessRule(networkServiceName, FileSystemRights.Read, AccessControlType.Allow);

    var security = new FileSecurity();
    security.AddAccessRule(systemAppendAllow);
    security.AddAccessRule(systemReadAllow);
    security.AddAccessRule(systemReadPermissionsDeny);
    security.AddAccessRule(networkServiceReadAllow);

    // The pattern rule was never added; only its identity and its Allow type are used to match.
    security.RemoveAccessRuleAll(systemWriteAllow);

    AuthorizationRuleCollection remaining = security.GetAccessRules(true, true, typeof(NTAccount));
    Assert.Equal(2, remaining.Count);

    // First survivor: the Deny rule of the SYSTEM account.
    var survivor = (FileSystemAccessRule)remaining[0];
    Assert.Equal(new NTAccount(systemName), survivor.IdentityReference);
    Assert.Equal(AccessControlType.Deny, survivor.AccessControlType);
    Assert.Equal(FileSystemRights.ReadPermissions, survivor.FileSystemRights);

    // Second survivor: the Allow rule of the Network Service account.
    survivor = (FileSystemAccessRule)remaining[1];
    Assert.Equal(new NTAccount(networkServiceName), survivor.IdentityReference);
    Assert.Equal(AccessControlType.Allow, survivor.AccessControlType);
}
// Removes the Allow entries of the specified account from the ACL of the specified file.
// Returns true when the ACL was rewritten, false when the account name is empty or the
// account does not exist (the file is not touched in that case).
//
// RemoveAccessRuleAll matches on identity and Allow/Deny only, so every explicit Allow entry
// of the account is removed, not just ReadAndExecute. Deny entries are left in place.
public static bool RemoveFileSecurity(string fileName, string accountName)
{
    // Nothing can be removed for an account that is unnamed or unknown.
    if (string.IsNullOrEmpty(accountName) || !AccessControlList.AccountExist(accountName))
    {
        return false;
    }

    // NOTE(review): the resolved SID is not used below; the rule is built from the account
    // name instead. Confirm whether GetAccount is called only for validation.
    SecurityIdentifier sid = AccessControlList.GetAccount(accountName);

    // Read the file's current security descriptor.
    FileSecurity acl = File.GetAccessControl(fileName);

    // Drop the account's Allow entries.
    FileSystemAccessRule allowPattern = new FileSystemAccessRule(accountName, FileSystemRights.ReadAndExecute, AccessControlType.Allow);
    acl.RemoveAccessRuleAll(allowPattern);

    // Write the edited descriptor back.
    File.SetAccessControl(fileName, acl);
    return true;
}
/// <summary>
/// Removes the ACL entries of the specified account from a file or a directory.
/// </summary>
/// <param name="filePath">Path of the file or directory.</param>
/// <param name="identity">Windows account.</param>
/// <exception cref="FileNotFoundException">Neither a file nor a directory exists at the path.</exception>
/// <remarks>
/// Only explicit Allow entries are removed; Deny entries of the account stay in place.
/// RemoveAccessRuleAll matches on identity and Allow/Deny only, so Allow entries with any
/// rights mask are removed, not just FullControl.
/// </remarks>
public static void RemoveAccessRule(string filePath, string identity)
{
    if (File.Exists(filePath))
    {
        FileSecurity fileAcl = File.GetAccessControl(filePath);
        FileSystemAccessRule allowPattern = new FileSystemAccessRule(identity, FileSystemRights.FullControl, AccessControlType.Allow);
        fileAcl.RemoveAccessRuleAll(allowPattern);
        File.SetAccessControl(filePath, fileAcl);
        return;
    }

    if (Directory.Exists(filePath))
    {
        DirectorySecurity directoryAcl = Directory.GetAccessControl(filePath);
        FileSystemAccessRule allowPattern = new FileSystemAccessRule(identity, FileSystemRights.FullControl, AccessControlType.Allow);
        directoryAcl.RemoveAccessRuleAll(allowPattern);
        Directory.SetAccessControl(filePath, directoryAcl);
        return;
    }

    throw new FileNotFoundException("要操作的文件没有找到", filePath);
}
/// <summary>
/// Verifies that passing a null rule to <c>RemoveAccessRuleAll</c> raises
/// <see cref="ArgumentNullException"/> naming the <c>rule</c> parameter.
/// </summary>
public void RemoveAccessRuleAll_InvalidFileSystemAccessRule()
{
    var security = new FileSecurity();

    AssertExtensions.Throws<ArgumentNullException>(
        "rule",
        () => security.RemoveAccessRuleAll(null));
}
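/// <summary>
/// Removes the explicit Allow entries of a fixed list of built-in accounts from an in-memory
/// <see cref="FileSecurity"/> and returns the same object.
/// </summary>
/// <param name="fs">Security descriptor to edit in place; a null value is returned unchanged.</param>
/// <returns>The instance passed in <paramref name="fs"/>.</returns>
/// <remarks>
/// Each account is handled independently, so one name that cannot be processed (for example
/// because it does not resolve on this machine) no longer prevents the remaining accounts from
/// being stripped. Skipped accounts are reported through <c>System.Diagnostics.Trace</c> so a
/// partially stripped ACL is not mistaken for a fully stripped one.
/// Deny entries are never removed. Accounts are looked up by their English names;
/// NOTE(review): on systems where those names differ, the corresponding entries stay in place.
/// </remarks>
public static FileSecurity RemoveAllSystemAccessRule(FileSecurity fs)
{
    if (fs == null)
    {
        // Nothing to edit; callers get back what they passed in.
        return fs;
    }

    string[] accounts =
    {
        "SYSTEM",
        "Everyone",
        "Administrators",
        "NETWORK",
        "NETWORK SERVICE",
        "LOCAL SERVICE",
        "CREATOR OWNER",
        "Users",
        "Power Users",
        "IIS_WPG",
        "Guests",
    };

    foreach (string account in accounts)
    {
        try
        {
            // Matching is by identity and Allow/Deny only; the FullControl mask does not
            // narrow which Allow entries are removed.
            fs.RemoveAccessRuleAll(new FileSystemAccessRule(account, FileSystemRights.FullControl, AccessControlType.Allow));
        }
        catch (System.Exception ex)
        {
            // Best effort per account: keep going, but leave a trace of what was skipped.
            System.Diagnostics.Trace.TraceWarning(
                "RemoveAllSystemAccessRule: Allow entries for '{0}' were not removed: {1}",
                account,
                ex.Message);
        }
    }

    return fs;
}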
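/// <summary>
/// Removes the access permissions of all built-in system accounts from a file or directory.
/// </summary>
/// <param name="filePath">Path of the file or directory.</param>
/// <exception cref="FileNotFoundException">Neither a file nor a directory exists at the path.</exception>
/// <remarks>
/// Only explicit Allow entries of a fixed list of accounts are removed; Deny entries and
/// entries of other accounts stay in place. Each account is handled independently, so one
/// name that cannot be processed no longer prevents the remaining accounts from being
/// stripped. Skipped accounts are reported through <c>System.Diagnostics.Trace</c>.
/// NOTE(review): removing SYSTEM and Administrators can leave the object manageable only by
/// its owner; confirm that callers add the intended entries afterwards.
/// </remarks>
public static void RemoveAllSystemAccessRule(string filePath)
{
    if (File.Exists(filePath))
    {
        FileSecurity fileAcl = File.GetAccessControl(filePath);
        StripBuiltInAllowRules(fileAcl);
        File.SetAccessControl(filePath, fileAcl);
    }
    else if (Directory.Exists(filePath))
    {
        DirectorySecurity directoryAcl = Directory.GetAccessControl(filePath);
        StripBuiltInAllowRules(directoryAcl);
        Directory.SetAccessControl(filePath, directoryAcl);
    }
    else
    {
        throw new FileNotFoundException("要操作的文件没有找到", filePath);
    }
}

// Removes the explicit Allow entries of the built-in accounts from a file or directory ACL, one account at a time.
private static void StripBuiltInAllowRules(FileSystemSecurity acl)
{
    string[] accounts =
    {
        "SYSTEM",
        "Everyone",
        "Administrators",
        "NETWORK",
        "NETWORK SERVICE",
        "LOCAL SERVICE",
        "CREATOR OWNER",
        "Users",
        "Power Users",
        "IIS_WPG",
        "Guests",
    };

    foreach (string account in accounts)
    {
        try
        {
            // Matching is by identity and Allow/Deny only; the FullControl mask does not
            // narrow which Allow entries are removed.
            acl.RemoveAccessRuleAll(new FileSystemAccessRule(account, FileSystemRights.FullControl, AccessControlType.Allow));
        }
        catch (System.Exception ex)
        {
            // Best effort per account: keep going, but leave a trace of what was skipped.
            System.Diagnostics.Trace.TraceWarning(
                "RemoveAllSystemAccessRule: Allow entries for '{0}' were not removed: {1}",
                account,
                ex.Message);
        }
    }
}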
/// <summary>
/// Removes the ACL entries of an account from a file and writes the edited ACL back.
/// </summary>
/// <param name="fileName">The file whose ACL is edited.</param>
/// <param name="account">The account whose entries are removed.</param>
/// <param name="rights">Rights used to build the matching rule.</param>
/// <param name="controlType">Whether Allow or Deny entries of the account are removed.</param>
/// <remarks>
/// RemoveAccessRuleAll matches on identity and Allow/Deny only, so all entries of the account
/// with the given <paramref name="controlType"/> are removed whatever <paramref name="rights"/> says.
/// NOTE(review): <c>fSecurity</c> is not declared in this method; presumably it is a static
/// member declared elsewhere. If so, concurrent calls would share it; confirm.
/// </remarks>
public static void RemoveFileSecurity(string fileName, string account, FileSystemRights rights, AccessControlType controlType)
{
    // Read the current security descriptor of the file.
    fSecurity = File.GetAccessControl(fileName);

    // Build the pattern and drop every matching entry.
    FileSystemAccessRule pattern = new FileSystemAccessRule(account, rights, controlType);
    fSecurity.RemoveAccessRuleAll(pattern);

    // Persist the edited descriptor.
    File.SetAccessControl(fileName, fSecurity);
}