VB.NET app is setting restricted file permissions on a directory, which is incorrectly restricting user created files in the same directory

回眸只為那壹抹淺笑 submitted on 2019-12-06 07:19:28

UPDATE:

You can break inheritance at any time and decide whether to keep a copy of the inherited access rules or remove them, by using

    SetAccessRuleProtection(True, True)

The first Boolean parameter, if True, breaks inheritance; the second, if True, keeps a copy of the access rules so that you can remove only those you don't want.

The following example should reflect your folder structure, as commented:

        ' Required at the top of the file:
        ' Imports System.IO
        ' Imports System.Security.AccessControl
        ' Imports System.Security.Principal

        ' folder structure
        '
        '---Level1
        '     |
        '     ---Level2
        '          |
        '          ---Level3

        ' set access rules at level1 with inheritance

        Dim Level1DirSec As DirectorySecurity = Directory.GetAccessControl("c:\level1")

        ' Administrators: full control, inherited by subfolders and files
        Level1DirSec.AddAccessRule(New FileSystemAccessRule(New SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, Nothing),
         FileSystemRights.FullControl,
         InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit,
         PropagationFlags.None,
         AccessControlType.Allow))

        ' Authenticated Users: read and execute, inherited by subfolders and files
        Level1DirSec.AddAccessRule(New FileSystemAccessRule(New SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, Nothing),
          FileSystemRights.ReadAndExecute,
          InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit,
          PropagationFlags.None,
          AccessControlType.Allow))

        Directory.SetAccessControl("c:\level1", Level1DirSec)


        ' break inheritance at level3 and remove access rule for authenticated user group

        Dim Level3DirSec As DirectorySecurity = Directory.GetAccessControl("c:\level1\level2\level3")

        Level3DirSec.SetAccessRuleProtection(True, True)

        ' Write the protected ACL and read it back, so that the copied rules
        ' are explicit rules on level3 before any of them is removed.
        Directory.SetAccessControl("c:\level1\level2\level3", Level3DirSec)
        Level3DirSec = Directory.GetAccessControl("c:\level1\level2\level3")

        Level3DirSec.RemoveAccessRuleAll(New FileSystemAccessRule(New SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, Nothing), FileSystemRights.ReadAndExecute, AccessControlType.Allow))

        Directory.SetAccessControl("c:\level1\level2\level3", Level3DirSec)

You can use WellKnownSid to specify groups and set it on your root folder with inheritance:

    ' Authenticated Users: read and execute, inherited by subfolders and files
    FolderAcl.AddAccessRule(New FileSystemAccessRule(New System.Security.Principal.SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, Nothing),
             FileSystemRights.ReadAndExecute,
             InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit,
             PropagationFlags.None,
             AccessControlType.Allow))

    ' Administrators: full control, inherited by subfolders and files
    FolderAcl.AddAccessRule(New FileSystemAccessRule(New System.Security.Principal.SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, Nothing),
             FileSystemRights.FullControl,
             InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit,
             PropagationFlags.None,
             AccessControlType.Allow))

That will give r/w access to all authenticated users, as well as full access to the administrators group, on your root folder and all subfolders and files.
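
A way to verify the result of the steps above, as an added example that is not part of the original answer: it builds the Level1/Level2/Level3 tree in the temp folder, applies the rules, and then reads the ACL back to confirm that Level3 is protected from inheritance and holds no Allow rule for Authenticated Users. The module name, function names and temp path are assumptions, and it assumes .NET Framework, where `Directory.GetAccessControl` is available as in the answer's code.

```vbnet
Imports System
Imports System.IO
Imports System.Security.AccessControl
Imports System.Security.Principal

Module AclCheck ' hypothetical module name, not from the original answer
    Private ReadOnly AuthUsers As New SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, Nothing)

    ' True when the folder is protected from inheritance and no Allow rule
    ' for Authenticated Users remains on it (explicit or inherited).
    Function IsRestricted(folderPath As String) As Boolean
        Dim sec As DirectorySecurity = Directory.GetAccessControl(folderPath)
        If Not sec.AreAccessRulesProtected Then Return False
        For Each rule As FileSystemAccessRule In sec.GetAccessRules(True, True, GetType(SecurityIdentifier))
            If rule.AccessControlType = AccessControlType.Allow AndAlso rule.IdentityReference.Equals(AuthUsers) Then Return False
        Next
        Return True
    End Function

    ' One line per rule: SID, allow/deny, rights, and whether it is inherited.
    Function DescribeRules(folderPath As String) As String
        Dim text As New System.Text.StringBuilder()
        For Each rule As FileSystemAccessRule In Directory.GetAccessControl(folderPath).GetAccessRules(True, True, GetType(SecurityIdentifier))
            text.AppendLine($"{rule.IdentityReference.Value} {rule.AccessControlType} {rule.FileSystemRights} inherited={rule.IsInherited}")
        Next
        Return text.ToString()
    End Function

    Sub Main()
        ' Constructed sample tree in the temp folder, mirroring Level1/Level2/Level3.
        Dim level1 As String = Path.Combine(Path.GetTempPath(), "acl-demo-level1")
        Dim level3 As String = Path.Combine(level1, "level2", "level3")
        Directory.CreateDirectory(level3)
        Dim sec1 As DirectorySecurity = Directory.GetAccessControl(level1)
        sec1.AddAccessRule(New FileSystemAccessRule(AuthUsers, FileSystemRights.ReadAndExecute,
            InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow))
        Directory.SetAccessControl(level1, sec1)
        Console.WriteLine($"before: restricted={IsRestricted(level3)}")
        Dim sec3 As DirectorySecurity = Directory.GetAccessControl(level3)
        sec3.SetAccessRuleProtection(True, True)
        Directory.SetAccessControl(level3, sec3)      ' persist, then re-read the now-explicit rules
        sec3 = Directory.GetAccessControl(level3)
        sec3.RemoveAccessRuleAll(New FileSystemAccessRule(AuthUsers, FileSystemRights.ReadAndExecute, AccessControlType.Allow))
        Directory.SetAccessControl(level3, sec3)
        Console.WriteLine($"after: restricted={IsRestricted(level3)}")
        Console.Write(DescribeRules(level3))
    End Sub
End Module
```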
