Setting folder permissions
David - 19 Mar 2008 13:37 GMT
Hi,
I am creating a windows service. This service has a filewatcher on it.
When I drop a file, I want to parse the filename then create the directory. The directory will be in a filestore server so I am passing in a UNC path. The filestore directory will then also be a virtual directory within an ASP.NET application, so I need to take those permissions into consideration.
I am having problems setting the permissions. The error is UnauthorizedAccessException.
Here is my code...
string RootPath = ConfigurationManager.AppSettings["StorePathRoot"];
string[] Folder = e.Name.Split('_');

if (Folder[0] != string.Empty)
{
    RootPath += Folder[0] + "\\";

    if (!Directory.Exists(RootPath))
    {
        Directory.CreateDirectory(RootPath);

        DirectoryInfo hInfo = new DirectoryInfo(RootPath);
        DirectorySecurity dirSec = hInfo.GetAccessControl();

        dirSec.AddAccessRule(new FileSystemAccessRule(@"david\Everyone", FileSystemRights.Modify, AccessControlType.Allow));
        dirSec.AddAccessRule(new FileSystemAccessRule(@"david\LOCAL SERVICE", FileSystemRights.Modify, AccessControlType.Allow));

        hInfo.SetAccessControl(dirSec);
    }
}

System.IO.File.Move(e.FullPath, RootPath + e.Name);
I set the path in the app.config. This is a UNC path (currently to my pc, but will go to a network share). As you can see, I am trying to give "Everyone" permission and "LOCAL SERVICE" permission. It is actually failing on the first one, "Everyone". The directory is being created fine. In fact, if I didn't have the permission routine, when I copy a file into my drop folder, it does get moved, though if I copy 2 files into the drop folder, it stops. (I am copying an xml and a pdf file with the same first part of the filename, i.e. test_1.xml and test_1.pdf)
Any help appreciated.
Thanks.
 Signature Best regards, Dave Colliver. http://www.AshfieldFOCUS.com ~~ http://www.FOCUSPortals.com - Local franchises available
Peter Ritchie [C# MVP] - 19 Mar 2008 15:16 GMT
You have to make sure that first the login under which the service is running (defaults to SYSTEM) has permission to do the operations you're requesting on the host in the UNC. I think by default the SYSTEM account on one computer has no such rights on another computer. You'll probably want to install/configure your service to use a specific login that has permission to create directories (etc).
 Signature Browse http://connect.microsoft.com/VisualStudio/feedback/ and vote. http://www.peterRitchie.com/blog/ Microsoft MVP, Visual Developer - Visual C#
David - 19 Mar 2008 15:28 GMT
Thank you...
My service was running under LOCAL SERVICE initially, so I have changed it. I changed it to my admin account and got everything working.
Since then, I have given it a less privileged account (an account initially with guest privileges) and it stops. So, I promoted it to the Users group and it still fails, however, it looks like a different failure.
I don't have a domain here, so I am using local accounts to test it...
What happens now is that the folder is created and the account that the service uses is added to the folder permissions. I am guessing that is because effectively, my service account is the owner of the service. However, when I check the permissions, absolutely no permissions have been granted, just the account is in the list.
My code to assign permissions is...

dirSec.AddAccessRule(new FileSystemAccessRule(ConfigurationManager.AppSettings["ServiceAccount"], FileSystemRights.Modify, AccessControlType.Allow));
The above line now does not fail where it did before. So, now I don't know what else to do...
Thanks.
David - 19 Mar 2008 16:12 GMT
More info...
If I add my serviceuser into the admins group, everything works. Just having them in the users group, it fails.
I have made the parent folder Users group have Full Control permissions on it. These permissions are being copied into the newly created folder, but I still can't move my files into the folder. On the move, I get an UnauthorizedAccessException.
:-( Any clues as to where I should look will be VERY much appreciated.
Willy Denoyette [MVP] - 19 Mar 2008 16:14 GMT
So, you are using a local account (your service account) to change the file permissions on a remote system, right?
Well, this won't work, unless:
- this account is a shadow account, that is an account that exists on both systems with the exact same credentials.
- and the account has admin privileges on the remote system.

Willy.
David - 19 Mar 2008 16:38 GMT
I was using LOCAL SERVICE but have now changed it.
Currently, I am looking at a share on MY OWN PC, so it is like a loopback. I am using a local user account. When the app is deployed, it will be on a server that uses Active Directory.
Do I have to give my local account for the service admin permissions? Doing that makes it work, but is that not a risk?
Willy Denoyette [MVP] - 19 Mar 2008 17:37 GMT
> I was using LOCAL SERVICE but have now changed it.
>
> Currently, I am looking at a share on MY OWN PC, so it is like a loopback.
> I am using a local user account. When the app is deployed, it will be on a
> server that uses Active Directory.

Yes, but it's a share, which means it's accessed by the network Server component as if it was a remote share. "Local Service" is a local account, is an account that has no network access permission, hence the "Local".

> Do I have to give my local account for the service admin permissions?
> Doing that makes it work, but is that not a risk?

You don't have to run your service using *your* local account, create another non interactive account for this and give this account the required privileges but nothing more.
Willy.
David - 20 Mar 2008 10:25 GMT
>> I was using LOCAL SERVICE but have now changed it.
>> [quoted text clipped - 6 lines]
> "Local Service" is a local account, is an account that has no network
> access permission, hence the "Local".

That is what I figured and I did change it (I thought I said that earlier in the thread). I gave it admin privileges first and everything worked. I then gave it user permissions instead and it didn't work.

>> Do I have to give my local account for the service admin permissions?
>> Doing that makes it work, but is that not a risk?
[quoted text clipped - 4 lines]
>
> Willy.

I am running the service from another account now, but what privileges do I need to give it? Admin works but I feel is too much. User doesn't work, so obviously not enough.
Do I need a combination of account privileges and parent folder permissions to make it work?
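
Added example, not part of the thread and not any poster's code: one way to grant a dedicated service account Modify on a newly created store folder with explicit inheritance flags, then read the ACL back to check what was written. It targets .NET Framework with a reference to System.Configuration; the class and method names and the "test" folder are assumptions, and the two app.config keys are the ones used in the thread.

```csharp
using System;
using System.Configuration;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class StoreFolder
{
    // Creates 'path' and grants 'account' Modify on the folder, subfolders and files.
    public static void CreateWithModify(string path, string account)
    {
        // Resolve the name to a SID up front: an unmappable name fails here
        // with IdentityNotMappedException instead of inside the ACL call.
        IdentityReference sid =
            new NTAccount(account).Translate(typeof(SecurityIdentifier));

        DirectoryInfo dir = Directory.CreateDirectory(path);
        DirectorySecurity sec = dir.GetAccessControl(AccessControlSections.Access);

        // The three-argument FileSystemAccessRule constructor uses
        // InheritanceFlags.None (this folder only). Spell the inheritance out
        // so files and subfolders created in the folder inherit the rule.
        sec.AddAccessRule(new FileSystemAccessRule(
            sid, FileSystemRights.Modify,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None, AccessControlType.Allow));
        dir.SetAccessControl(sec);
    }

    // Lists every ACE (explicit and inherited) with its scope.
    public static void Dump(string path)
    {
        DirectorySecurity sec =
            new DirectoryInfo(path).GetAccessControl(AccessControlSections.Access);
        foreach (FileSystemAccessRule r in
                 sec.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            Console.WriteLine("{0} {1} {2} inherit={3} inherited={4}",
                r.IdentityReference, r.AccessControlType, r.FileSystemRights,
                r.InheritanceFlags, r.IsInherited);
    }

    static void Main()
    {
        // Keys from the thread's app.config; "test" is a constructed folder name.
        string root = ConfigurationManager.AppSettings["StorePathRoot"];
        string target = Path.Combine(root, "test");
        CreateWithModify(target, ConfigurationManager.AppSettings["ServiceAccount"]);
        Dump(target);
    }
}
```

When the path is a UNC share, the share-level permissions apply in addition to the NTFS ACL shown here, so the account needs sufficient rights at both levels.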