Set write permissions for all users for my program folder

Question

I have build a program in Visual Studio. The program creates a logfile and writes into it while the program is running. Therefore I constructed an installer (setup-project), that should set write permissions for my program-folder regardless which user works with the program. currently it looks like this:

// ...
}
  InitializeComponent();

  string folder = Directory.GetCurrentDirectory();

  DirectorySecurity ds = Directory.GetAccessControl(folder);
  ds.AddAccessRule(new FileSystemAccessRule("Everyone",   //Everyone is important
                                                  //because rights for all users!
   FileSystemRights.Read | FileSystemRights.Write, AccessControlType.Allow));
}
// ...

In the last two rows I get a System.SystemException: “Die Vertrauensstellung zwischen der primären Domäne und der vertrauenswürdigen Domäne konnte nicht hergestellt werden.“

[Translation: "The trust relationship between the primary domain and the trusted domain could not be established."]

The stacktrace reads like this:

bei System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed)
bei System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean& someFailed)
bei System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
bei System.Security.Principal.NTAccount.Translate(Type targetType)
bei System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
bei System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule)
bei System.Security.AccessControl.FileSystemSecurity.AddAccessRule(FileSystemAccessRule rule)

Have you an idea what I can do? thanks

Answer 1

Perhaps the best answer isn't what you've asked for. There's a good reason for not writing to the program files directory. Log data in particular is transient and shouldn't be written here.

It's a much better idea to write log data to the directory specified by the TEMP environment variable. If you do this you'll save your users a few troubles and prevent them cursing your software in the future. Please check out this answer which covers the same topic:

Allow access permission to write in Program Files of Windows 7

Answer 2

Aren't you missing the statement where you actually set the access control back to the directory?

Directory.SetAccessControl(Directory.GetCurrentDirectory(), ds);