Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / Security / May 2007

Tip: Looking for answers? Try searching our database.

Setting directory NTFS directory permissions (W2k3 Server)

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Peter Bradley - 15 May 2007 15:25 GMT
Hi all,

Using C#, does anyone know how I can manipulate the file permissions on a
folder I've just created such that the folder does not inherit permissions
from its parent.
My code currently has a number of lines that look something like:

dSecurity.AddAccessRule(new FileSystemAccessRule(sid,
                                                FileSystemRights.FullControl,
                                                InheritanceFlags.None,
                                                PropagationFlags.NoPropagateInherit,
                                                AccessControlType.Allow));

There is one line for each sid for which I want to set permissions.

The variable sid is, as you would imagine, a security identifier.  This
works fine, except that these permissions are added to the inherited
permissions, whereas I want to replace the existing (inherited) permissions.
The programme is scheduled to replace an existing script which calls xcacls
like this:

xcacls  \\centralcy03\users\student\edu\dv06004249\profile /P "Domain
Admins":F  dv06004249:F ITAdvisors:F /T /Y,1,true

This appears to replace all existing permissions, which is what we want.

Many thanks,

Peter
Reply to this Message
Peter Bradley - 15 May 2007 16:58 GMT
Forget it guys.  I've sorted it.  I needed:

// Get a DirectorySecurity object that represents the

// current security settings of the profile directory.

DirectorySecurity dSecurity = dInfoProf.GetAccessControl();

dSecurity.SetAccessRuleProtection(true, false);

// Add the FileSystemAccessRule to the security settings.

byte[] sidData = (byte[])user.Properties["objectSid"].Value;

SecurityIdentifier sid = new SecurityIdentifier(sidData, 0);

dSecurity.AddAccessRule(new FileSystemAccessRule(sid,

FileSystemRights.FullControl,

InheritanceFlags.None,

PropagationFlags.NoPropagateInherit,

AccessControlType.Allow));

dSecurity.AddAccessRule(new FileSystemAccessRule(@"CAMPUS\Domain Admins",

FileSystemRights.FullControl,

AccessControlType.Allow));

dSecurity.AddAccessRule(new FileSystemAccessRule(@"CAMPUS\ITAdvisors",

FileSystemRights.FullControl,

AccessControlType.Allow));

dSecurity.SetOwner(sid);

// Set the new access settings.

dInfoProf.SetAccessControl(dSecurity);

The critical line (as everyone except me probably knows) is:

dSecurity.SetAccessRuleProtection(true, false);

(Blo***dy Microsoft documentation, etc etc)

Peter

> Hi all,
>
[quoted text clipped - 27 lines]
>
> Peter
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.