Modify Object Access properties via C#
After viewing my Security Event logs on Server 2003 I have noticed that an event is logged with a failure audit. The category is Object Access, with the following Accesses being required:
READ_CONTROL
SYNCHRONIZE
ReadData (or ListDirectory)
WriteData (or AddFile)
AppendData (or AddSubDirectory or CreatePipeInstance)
I cannot seem to find any documentation on how to modify these properties programmatically. These failures are generated by postgres and tomcat executables.
EDIT
using System;
using System.IO;
using System.Security.AccessControl;

// Rights to add to the file's ACL for the target account.
protected FileSystemRights[] AppendFileSystemRights()
{
    return new FileSystemRights[]
    {
        FileSystemRights.ReadAndExecute,
        FileSystemRights.WriteAttributes,
        FileSystemRights.Synchronize,
        FileSystemRights.ReadAttributes,
        FileSystemRights.ReadData
    };
}

// Adds one Allow rule per right to the file's DACL and writes it back.
// 'user' (the account name) is not declared in this snippet; it is
// expected to be a member of the enclosing class.
public void ApplySystemRight(string fileName, FileSystemRights[] rights)
{
    if (string.IsNullOrEmpty(fileName))
    {
        return;
    }
    if (rights == null || rights.Length <= 0)
    {
        return;
    }
    try
    {
        Console.WriteLine("ATTEMPTING TO OPEN THE FOLLOWING FILE: {0}", fileName);
        // Read the current security descriptor of the file.
        FileSecurity fileSec = File.GetAccessControl(fileName);
        for (int i = 0; i < rights.Length; i++)
        {
            Console.WriteLine("ATTEMPTING TO ADD THE FOLLOWING ACCESS RULE: {0} TO {1}", rights[i], fileName);
            fileSec.AddAccessRule(new FileSystemAccessRule(user,
                rights[i], AccessControlType.Allow));
        }
        Console.WriteLine("ATTEMPTING TO SET THE PRECEDING ACCESS RULES: TO {0}", fileName);
        // Persist the modified ACL; requires permission to change the file's DACL.
        File.SetAccessControl(fileName, fileSec);
    }
    catch (UnauthorizedAccessException uae)
    {
        Console.WriteLine("CAUGHT THE FOLLOWING EXCEPTION: {0} \n WHILE PROCESSING: {1}", uae.Message, fileName);
    }
    catch (ArgumentNullException ane)
    {
        Console.WriteLine("CAUGHT THE FOLLOWING EXCEPTION: {0} \n WHILE PROCESSING: {1}", ane.Message, fileName);
    }
    catch (ArgumentException ae)
    {
        Console.WriteLine("CAUGHT THE FOLLOWING EXCEPTION: {0} \n WHILE PROCESSING: {1}", ae.Message, fileName);
    }
}
I suggest that you run Process Monitor (http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) while running the process that is causing the audit failure. This should tell you the specific resource that the process is trying to access. With this information you will be able to set the resource permissions to allow the requested access.
This will produce a runtime error in the app that tries to access the operating system resource. Windows error 5, ERROR_ACCESS_DENIED. If you don't get any diagnostic in the app's log file, an event in the Application event log or an explicit managed exception that tells you what went wrong then you'll be looking for a needle in a haystack.
You can use the FileSecurity class to modify access control properties programmatically. But of course you first have to find out for which file or directory these properties should be modified.
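An added example (not from the question or any of the answers), written for .NET Framework: it maps the access names listed in the failure audit event to FileSystemRights flags, reports which of them the account's own Allow rules already cover, and grants only the missing ones in a single rule. The path and account name taken from the command line are placeholders; group memberships and Deny rules are not evaluated.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class AuditedAccessGrant
{
    // Accesses named in the failure audit event, as FileSystemRights flags.
    // READ_CONTROL is exposed in .NET as FileSystemRights.ReadPermissions.
    const FileSystemRights Needed =
        FileSystemRights.ReadPermissions | FileSystemRights.Synchronize |
        FileSystemRights.ReadData | FileSystemRights.WriteData |
        FileSystemRights.AppendData;

    // Rights already allowed by rules that name the account directly
    // (explicit and inherited); rules for its groups are not considered.
    static FileSystemRights AllowedTo(FileSecurity sec, SecurityIdentifier sid)
    {
        FileSystemRights allowed = 0;
        foreach (FileSystemAccessRule rule in
                 sec.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (rule.AccessControlType == AccessControlType.Allow &&
                rule.IdentityReference.Equals(sid))
                allowed |= rule.FileSystemRights;
        }
        return allowed;
    }

    static void Main(string[] args)
    {
        string path = args[0];      // file identified with Process Monitor (placeholder)
        string account = args[1];   // account the service runs as (placeholder)
        var sid = (SecurityIdentifier)new NTAccount(account)
            .Translate(typeof(SecurityIdentifier));

        FileSecurity sec = File.GetAccessControl(path);
        FileSystemRights missing = Needed & ~AllowedTo(sec, sid);
        Console.WriteLine("Missing for {0}: {1}", account, missing);
        if (missing == 0) return;   // nothing to grant

        // One Allow rule for exactly the missing rights, nothing broader.
        sec.AddAccessRule(new FileSystemAccessRule(sid, missing, AccessControlType.Allow));
        File.SetAccessControl(path, sec);
    }
}
```

For a directory, the same flags apply under their directory names (ListDirectory, AddFile, AddSubDirectory), read and written with Directory.GetAccessControl and Directory.SetAccessControl.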