Menu
The tool I develop needs to grant access rights "Full Control" to a file created by it. It needs to be read, modified and deleted from all windows accounts and even possible future accounts. Could this be achieved?
I know I can try this for a SPECIFIC_USER:
FileSystemAccessRule rule = new FileSystemAccessRule(SPECIFIC_USER, FileSystemRights.FullControl, AccessControlType.Allow); FileSecurity fSecurity = File.GetAccessControl(filePath); fSecurity.SetAccessRule(rule); File.SetAccessControl(filePath, fSecurity); But how do I grant it to all users? And even possible future accounts? If the latter part is not possible, how to go about the first requirement?
Thanks.
EDIT:
This is the code which worked for me. Taken from the answerer's link.
private void GrantAccess(string fullPath) { DirectoryInfo dInfo = new DirectoryInfo(fullPath); DirectorySecurity dSecurity = dInfo.GetAccessControl(); dSecurity.AddAccessRule(new FileSystemAccessRule( new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInherit, AccessControlType.Allow)); dInfo.SetAccessControl(dSecurity); } Note the PropagationFlags.NoPropagateInherit which is required (mentioned towards the last in the link). It does grant privilege to even future accounts.
269
chmod o-rwx foldername To change directory permissions for everyone, use “u” for users, “g” for group, “o” for others, and “ugo” or “a” (for all). chmod ugo+rwx foldername to give read, write, and execute to everyone. chmod a=r foldername to give only read permission for everyone.
You can use FileInfo class to change the file access permissions. You need to use System. Security. AccessControl namespace classes and of course rights to change the access control of the file that is your C# application must run under permissions that can change the access control.
File and Folder Permissions. Normally in Windows, every file or folder gets their permissions from the parent folder. This hierarchy keeps going all the way up to the root of the hard drive. The simplest permissions have at least three users: SYSTEM, currently logged in user account and the Administrators group.
Now that you own the files, you have to give yourself permission to modify them 1) R-Click on Program Files -> Properties -> Security Tab 2) Click Advanced -> Change Permission 3) Select Administrators (any entry) -> Edit
Here is an example with the user list at the top and the rights at the bottom: Permissions are also either inherited or not. Normally in Windows, every file or folder gets their permissions from the parent folder.
Thanks for posting here. The Settings tab in each folder's properties dialog box contains a check box labeled Grant the user exclusive rights to My Documents. If you select this check box, the user and the local system have full control over the folder, and no one else, not even the administrator, has any rights to it.
Note to people using this.
When using literal strings for the FileSystemAccessRule, it should be WellKnownSidType.WorldSid instead of "everyone".
The reason is because there are multiple Window languages and Everyone only applies to EN ones, so for Spanish, it might be "Todos" (or something else).
using System.Security.AccessControl; using System.Security.Principal; using System.IO; private void GrantAccess(string fullPath) { DirectoryInfo dInfo = new DirectoryInfo(fullPath); DirectorySecurity dSecurity = dInfo.GetAccessControl(); dSecurity.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInherit, AccessControlType.Allow)); dInfo.SetAccessControl(dSecurity); } You will need to give full control to "Everyone" group on the machine. Found this post on MSDN which talks about it.
Hope this works for you.
21
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
