FileSystemRights Issues (C#)

I'm fairly new to file systems and permissions/rights access (aka Access Control List, ACL). While coding with regard to ACLs, I am not able to set the properties I want on the files. I'm unsure if my understanding of the FileSystemRights members is wrong, or I'm totally doing the wrong thing. (And I'm spending quite some time on this part already.)

What I'd like to do is change the rights of a file, so that it can only be solely readable AND cannot be edited, renamed, deleted and copied elsewhere.

Using the MSDN's example, here's what I have so far:

try
{
    //Get current identity
    WindowsIdentity self = System.Security.Principal.WindowsIdentity.GetCurrent();

    // Add the access control entry to the file.
    AddFileSecurity(filename, self.Name, FileSystemRights.Modify, AccessControlType.Deny);
    AddFileSecurity(filename, self.Name, FileSystemRights.Write, AccessControlType.Deny);
    AddFileSecurity(filename, self.Name, FileSystemRights.ReadAndExecute, AccessControlType.Allow);

    // Remove the access control entry from the file.
    RemoveFileSecurity(filename, self.Name, FileSystemRights.ReadAndExecute, AccessControlType.Deny);
    RemoveFileSecurity(filename, self.Name, FileSystemRights.Read, AccessControlType.Deny);

    Console.WriteLine("Done.");
}
catch (Exception e)
{
    Console.WriteLine(e);
}

My logic is that:

  1. Add Deny Modify rights (Denying .Modify will cause the file to become unreadable)
  2. Add Deny Write rights
  3. Add Allow ReadAndExecute rights
  4. Remove Deny entry on ReadAndExecute (As .Modify denies ReadAndExecute)
  5. Remove Deny entry on Read (As .Modify denies Read)

Am I doing this part correctly? If not, please advise on what I should do to make the file readable only and not editable, renamable, deletable and copiable. Many thanks in advance!


Please explain what it is doing wrong. The only thing I see that may be an issue is that you're setting the permissions for yourself, but not the other users, or groups. Perhaps you should iterate through all the groups (admins, users, etc) and disable all but read&execute. Although I think SYSTEM always has full control of all files.

0
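The add-then-remove sequence in the question can be collapsed into a single Deny entry, shown here as an added example that is not part of the original post or the MSDN sample. `ReadOnlyAcl` and `DenyChangesKeepRead` are hypothetical names, the temp file is a constructed sample, and the code assumes Windows with an NTFS volume.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class ReadOnlyAcl
{
    // Modify is a composite flag: ReadAndExecute | Write | Delete.
    // Masking out ReadAndExecute leaves only the bits that change the file,
    // so no Deny entry ever covers reading and nothing has to be removed later.
    static readonly FileSystemRights DenyMask =
        FileSystemRights.Modify & ~FileSystemRights.ReadAndExecute;

    // Hypothetical helper: one Deny ACE for the change bits, one Allow ACE for reading.
    static void DenyChangesKeepRead(string path, IdentityReference who)
    {
        var file = new FileInfo(path);
        FileSecurity acl = file.GetAccessControl();
        acl.AddAccessRule(new FileSystemAccessRule(
            who, DenyMask, AccessControlType.Deny));
        acl.AddAccessRule(new FileSystemAccessRule(
            who, FileSystemRights.ReadAndExecute, AccessControlType.Allow));
        file.SetAccessControl(acl);
    }

    static void Main(string[] args)
    {
        // Constructed sample input: a fresh temp file unless a path is given.
        string path = args.Length > 0 ? args[0] : Path.GetTempFileName();
        SecurityIdentifier me = WindowsIdentity.GetCurrent().User;

        Console.WriteLine("Deny mask: {0}", DenyMask);
        DenyChangesKeepRead(path, me);

        // Verify: list the explicit (non-inherited) ACEs now on the file.
        AuthorizationRuleCollection rules = new FileInfo(path)
            .GetAccessControl()
            .GetAccessRules(true, false, typeof(SecurityIdentifier));
        foreach (FileSystemAccessRule r in rules)
            Console.WriteLine("{0,-5} {1} {2}",
                r.AccessControlType, r.IdentityReference, r.FileSystemRights);

        // Reading is still allowed, so the bytes can be written out elsewhere:
        // an ACL that permits read cannot also block copying.
        Console.WriteLine("Readable bytes: {0}", File.ReadAllBytes(path).Length);
    }
}
```

The entries apply only to the identity passed in; other users and groups keep whatever the file's existing and inherited ACEs grant them.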
