Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to grant full permission to a file created by my application for ALL users?

The tool I develop needs to grant access rights "Full Control" to a file created by it. It needs to be read, modified and deleted from all windows accounts and even possible future accounts. Could this be achieved?

I know I can try this for a SPECIFIC_USER:

FileSystemAccessRule rule = new FileSystemAccessRule(SPECIFIC_USER, FileSystemRights.FullControl, AccessControlType.Allow); FileSecurity fSecurity = File.GetAccessControl(filePath); fSecurity.SetAccessRule(rule); File.SetAccessControl(filePath, fSecurity); 

But how do I grant it to all users? And even possible future accounts? If the latter part is not possible, how to go about the first requirement?

Thanks.

EDIT:

This is the code which worked for me. Taken from the answerer's link.

private void GrantAccess(string fullPath) {     DirectoryInfo dInfo = new DirectoryInfo(fullPath);     DirectorySecurity dSecurity = dInfo.GetAccessControl();     dSecurity.AddAccessRule(new FileSystemAccessRule(         new SecurityIdentifier(WellKnownSidType.WorldSid, null),          FileSystemRights.FullControl,         InheritanceFlags.ObjectInherit |            InheritanceFlags.ContainerInherit,         PropagationFlags.NoPropagateInherit,         AccessControlType.Allow));      dInfo.SetAccessControl(dSecurity); } 

Note the PropagationFlags.NoPropagateInherit which is required (mentioned towards the last in the link). It does grant privilege to even future accounts.

like image 269
nawfal Avatar asked Feb 02 '12 07:02

nawfal


People also ask

How do I give someone full permission?

chmod o-rwx foldername To change directory permissions for everyone, use “u” for users, “g” for group, “o” for others, and “ugo” or “a” (for all). chmod ugo+rwx foldername to give read, write, and execute to everyone. chmod a=r foldername to give only read permission for everyone.

How can I give full permission to a file in C#?

You can use FileInfo class to change the file access permissions. You need to use System. Security. AccessControl namespace classes and of course rights to change the access control of the file that is your C# application must run under permissions that can change the access control.

What are the file permissions in Windows 10?

File and Folder Permissions. Normally in Windows, every file or folder gets their permissions from the parent folder. This hierarchy keeps going all the way up to the root of the hard drive. The simplest permissions have at least three users: SYSTEM, currently logged in user account and the Administrators group.

How do I change the administrator permissions of a program file?

Now that you own the files, you have to give yourself permission to modify them 1) R-Click on Program Files -> Properties -> Security Tab 2) Click Advanced -> Change Permission 3) Select Administrators (any entry) -> Edit

Where do permissions come from?

Here is an example with the user list at the top and the rights at the bottom: Permissions are also either inherited or not. Normally in Windows, every file or folder gets their permissions from the parent folder.

How do I grant user exclusive rights to a folder?

Thanks for posting here. The Settings tab in each folder's properties dialog box contains a check box labeled Grant the user exclusive rights to My Documents. If you select this check box, the user and the local system have full control over the folder, and no one else, not even the administrator, has any rights to it.


2 Answers

Note to people using this.

When using literal strings for the FileSystemAccessRule, it should be WellKnownSidType.WorldSid instead of "everyone".

The reason is because there are multiple Window languages and Everyone only applies to EN ones, so for Spanish, it might be "Todos" (or something else).

using System.Security.AccessControl; using System.Security.Principal; using System.IO;  private void GrantAccess(string fullPath) {     DirectoryInfo dInfo = new DirectoryInfo(fullPath);     DirectorySecurity dSecurity = dInfo.GetAccessControl();     dSecurity.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInherit, AccessControlType.Allow));     dInfo.SetAccessControl(dSecurity); } 
like image 113
Angelo Vargas Avatar answered Oct 05 '22 13:10

Angelo Vargas


You will need to give full control to "Everyone" group on the machine. Found this post on MSDN which talks about it.

Hope this works for you.

like image 21
Amar Palsapure Avatar answered Oct 05 '22 13:10

Amar Palsapure