Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

DirectorySecurity sets Special Permissions while FileSecurity does not

Tags:

c#

.net

permissions

implementation

Examine the following two blocks of code:

System.Security.AccessControl.DirectorySecurity dsec = System.IO.Directory.GetAccessControl(str);
System.Security.Principal.NTAccount group= new System.Security.Principal.NTAccount("DOMAIN","USERGROUP");
System.Security.AccessControl.FileSystemAccessRule myrule = new System.Security.AccessControl.FileSystemAccessRule(group,System.Security.AccessControl.FileSystemRights.FullControl, System.Security.AccessControl.AccessControlType.Allow);
dsec.SetAccessRule(myrule);
System.IO.Directory.SetAccessControl(str,dsec);

and

System.Security.AccessControl.FileSecurity fsec = System.IO.File.GetAccessControl(file);
System.Security.Principal.NTAccount group= new System.Security.Principal.NTAccount("DOMAIN","USERGROUP");
System.Security.AccessControl.FileSystemAccessRule myrule = new System.Security.AccessControl.FileSystemAccessRule(group,System.Security.AccessControl.FileSystemRights.FullControl, System.Security.AccessControl.AccessControlType.Allow);
fsec.SetAccessRule(myrule);
System.IO.File.SetAccessControl(file,fsec);

One would expect them both to do the exact same thing, only one to a directory and one to a file. And, in some ways, they do. In both cases, the filesystem object in question changes such that DOMAIN\USERGROUP has the Effective Permissions of Full Control.

However, the strange part is, when you right click on a file and view security, you see this: File Security Tab

and when you right click on a folder and view security, you see this: Folder Security Tab

If I then go to Advanced->Effective Permissions->Select(DOMAIN\USERGROUP), it shows that the effective permissions for the folder, for that group, is Full Control (All of the boxes are checked, not just the Full Control Box. That would be even weirder).

My question is, why is there a difference in the effect of an almost identical implementation and does anyone know how to replicate the effect of applying permissions to Files?

like image 871
Logan Avatar asked Aug 07 '12 18:08

Logan

1 Answers

The difference is the relevance of propagation flags for directory security.

var accessRule = new FileSystemAccessRule(
    identity: group,
    fileSystemRights: FileSystemRights.FullControl,
    type: AccessControlType.Allow,
    inheritanceFlags: InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
    propagationFlags: PropagationFlags.None);

Note the inheritanceFlags setting. If unspecified, the default is none, which gets classified as "special".

like image 77
Snixtor Avatar answered Nov 16 '22 00:11

Snixtor
Sign in to Comment

Related questions

Plugin-like architecture in .NET
Does .NET have a linker?
Using C# and VB.NET in one solution
C# How do i iterate through the registry?
Error: No mapping exists from object type
Viewing variable values at runtime in VisualStudio
What does BinaryReader do if the bytes I am reading aren't present yet?
How to make Visual Studio format dictionary initialization?
Parallel.ForEach while retaining order
How can I use Reflection to get the value of a Static Property of a Type without a concrete instance
How to fire a command on double-click listbox item using MVVM?
What is the point of this C# Dictionary<,> optimization?
Resourcemanager is returning same resource, although CultureInfo is specified
How can a razor for loop be used in a javascript script tag?
What is the meaning of thread-agility in ASP.Net?
How do Windows services behave when entering/waking up from sleep or hibernate modes?
C# Passing a collection as a collection of interfaces
Ignore ReSharper naming rules for DTOs
How come I don't need to reference "System.dll" to use the "System" namespace?
Why Use Interfaces Instead of Abstract Classes With DI?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!