开发者

Add "Everyone" privilege to folder using C#.NET

I have used the code below to allow Everyone access to a folder:

System.Security.AccessControl.DirectorySecurity sec =
    System.IO.Directory.GetAccessControl(directory, AccessControlSections.All);
FileSystemAccessRule 开发者_Go百科accRule = new FileSystemAccessRule("Everyone",
                                       FileSystemRights.Modify,
                                       AccessControlType.Allow);
sec.AddAccessRule(accRule);    // setACL
sec.ResetAccessRule(accRule);

Now, the Everyone user is added to the folder, but not with any rights assigned. All the read, write, execute etc. checkboxes are not checked.


First thing I want to tell you is how I found this solution. This is probably more important than the answer because file permissions are hard to get correct.

First thing I did was set the permissions I wanted using the Windows dialogs and checkboxes. I added a rule for "Everyone" and ticked all boxes except "Full Control".

Then I wrote this C# code to tell me exactly what parameters I need to duplicate the Windows settings:

string path = @"C:\Users\you\Desktop\perms"; // path to directory whose settings you have already correctly configured
DirectorySecurity sec = Directory.GetAccessControl(path);
foreach (FileSystemAccessRule acr in sec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount))) {
    Console.WriteLine("{0} | {1} | {2} | {3} | {4}", acr.IdentityReference.Value, acr.FileSystemRights, acr.InheritanceFlags, acr.PropagationFlags, acr.AccessControlType);
}

This gave me this line of output:

Everyone | Modify, Synchronize | ContainerInherit, ObjectInherit | None | Allow

So the solution is simple (yet hard to get right if you don't know what to look for!):

DirectorySecurity sec = Directory.GetAccessControl(path);
// Using this instead of the "Everyone" string means we work on non-English systems.
SecurityIdentifier everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
sec.AddAccessRule(new FileSystemAccessRule(everyone, FileSystemRights.Modify | FileSystemRights.Synchronize, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
Directory.SetAccessControl(path, sec);

This will make the checkboxes on the Windows security dialog match what you have already set for your test directory.


The below code checks for the folder existence, if not created, creates one. And then sets every user- permission of that folder with full permission (read & write).

string file = @"D:\Richi";     
private static void GrantAccess(string file)
            {
                bool exists = System.IO.Directory.Exists(file);
                if (!exists)
                {
                    DirectoryInfo di = System.IO.Directory.CreateDirectory(file);
                    Console.WriteLine("The Folder is created Sucessfully");
                }
                else
                {
                    Console.WriteLine("The Folder already exists");
                }
                DirectoryInfo dInfo = new DirectoryInfo(file);
                DirectorySecurity dSecurity = dInfo.GetAccessControl();
                dSecurity.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInherit, AccessControlType.Allow));
                dInfo.SetAccessControl(dSecurity);

            }


use FileSystemRights.FullControl instead of FileSystemRights.Modify if you want to allow all actions (ACL).

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜