
مشاهدة النسخة كاملة : Not sure why second Access Rule is required for User account write access



C# Programming
03-03-2010, 01:50 AM
While logged in as an administrator in Windows 7, I create a directory (RS) in the ProgramData directory and a text file. I then write a string to the file. When I log in as a User account, I am able to write to the created file as long as I add the second Access Rule for the user. It does not make any sense to me why I have to add this second rule. I have tried applying the same permissions from the second User rule to the first User rule, and it still will not allow the User account to write to the file. Why do I have to add this second rule? Also, why is it that FileSystemRights.FullControl is not really what it claims to be? After all, if I gave someone full control of my car they would assume they could do anything with it, wouldn't they?

// Builds <ALLUSERSPROFILE>\RS (the post describes this as the ProgramData directory on
// Windows 7), creates it with an explicit ACL, then creates and writes thefile.txt inside it.
// NOTE(review): the closing brace of the if block is not shown in the post.
StringBuilder sbPath = new StringBuilder(40);
sbPath.Append(Environment.GetEnvironmentVariable("ALLUSERSPROFILE"));
sbPath.Append(@"\RS");

// DirectoryInfo for the target path; the DirectorySecurity object is built further down.
DirectoryInfo dInfo = new DirectoryInfo(sbPath.ToString());

// NOTE(review): when the directory already exists, none of the ACL setup below runs, so
// whatever owner and ACL it already has are used as-is. Worth checking whether a standard
// user could have created this directory first.
if (!dInfo.Exists)
{
// Add ACL entries to the directory before it is created
DirectorySecurity dSecurity = new DirectorySecurity();

// Administrators: FullControl on the directory itself only (InheritanceFlags.None, so
// children do not inherit this entry). FullControl already contains the Write bits, so
// OR-ing in FileSystemRights.Write changes nothing.
// NOTE(review): NTAccount resolves the group by name; localized Windows installs may use
// different group names. A SecurityIdentifier built from a WellKnownSidType value
// (BuiltinAdministratorsSid / BuiltinUsersSid) avoids the name lookup.
dSecurity.AddAccessRule(new FileSystemAccessRule(new NTAccount("Administrators"),
FileSystemRights.FullControl | FileSystemRights.Write, InheritanceFlags.None,
PropagationFlags.None, AccessControlType.Allow));

// Users, first rule: InheritanceFlags.None means this entry applies to the RS directory
// itself and is never handed down to files or subdirectories. Propagation flags are only
// significant when inheritance flags are present, so InheritOnly has no effect here.
// Modify and Synchronize are already part of FullControl, so the extra flags are redundant.
// This is why changing the rights on this rule never made thefile.txt writable: the scope,
// not the rights mask, is what keeps it off the file.
dSecurity.AddAccessRule(new FileSystemAccessRule(new NTAccount("Users"),
FileSystemRights.FullControl | FileSystemRights.Modify | FileSystemRights.Synchronize,
InheritanceFlags.None,
PropagationFlags.InheritOnly, AccessControlType.Allow));

// *** Need this rule added in order for a user login to get access. Why?
// Users, second rule: ContainerInherit | ObjectInherit makes the entry inheritable by
// subdirectories and files, and InheritOnly means it applies to those children but not to
// the RS directory itself. thefile.txt is created after the directory, so it inherits this
// entry; that inherited entry is what grants a User login access to the file.
// NOTE(review): FullControl on inherited entries also lets any member of Users change
// permissions, take ownership and delete the files. If only write access is intended,
// FileSystemRights.Modify (or a narrower mask) is the least-privilege choice, especially
// if anything running elevated later reads files from this directory.
dSecurity.AddAccessRule(new FileSystemAccessRule(new NTAccount("Users"),
FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.InheritOnly, AccessControlType.Allow));

// Create the directory with the ACL assembled above.
dInfo.Create(dSecurity);

sbPath.Append(@"\thefile.txt");

// Create the file inside the new directory and write one line to it.
// NOTE(review): the streams are not wrapped in using blocks, so an exception in WriteLine
// would skip both Close calls.
FileStream fs = File.Create(sbPath.ToString());
StreamWriter sw = new StreamWriter(fs);
sw.WriteLine("Some Data");
sw.Close();
fs.Close();Craig