5

我正在编写一个实用程序来帮助更改某个文件的文件权限,以允许/禁止 Windows 机器上的“Everyone”组访问它。到目前为止,我已经能够使用以下代码设置和删除“每个人”对文件的完全控制权限:

void AddFullControl()
{
    FileSecurity fsFile = File.GetAccessControl("file.tmp");
    fsFile.SetAccessRule( new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow));
    File.SetAccessControl("file.tmp", fsFile);
}

void RemoveFullControl()
{
    FileSecurity fsFile = File.GetAccessControl("file.tmp");
    fsFile.SetAccessRule( new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Deny));
    File.SetAccessControl("file.tmp", fsFile);
}

但是,我想检查“每个人”是否已经拥有完全控制权限并且无法找到执行此操作的方法。在谷歌搜索之后,我花了几天时间在谷歌搜索中进行搜索,但无法找到一种方法来做到这一点。有人可以指出我正确的方向或给我一个如何做到这一点的例子吗?

更新: 这很快就得到了回答,我能够想出有效的 c# 代码。我创建的代码如下:

void CheckAccess()
{
    AuthorizationRuleCollection arcFile = File.GetAccessControl("file.tmp").GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
    foreach (AuthorizationRule arFile in arcFile)
    {
        if (arFile.IdentityReference.Value == "Everyone")
        {
            FileSystemAccessRule fasrFile = (FileSystemAccessRule)arFile;
            if (fasrFile.AccessControlType == AccessControlType.Allow && fasrFile.FileSystemRights.HasFlag(FileSystemRights.FullControl))
            {
                MessageBox.Show("file.tmp already has Full Control permissions granted to Everyone");
            }
        }
    }
}
4

3 回答 3

7 
var everyone = fsFile.GetAccessRules(true, true, typeof(SecurityIdentifier))
    .Cast<FileSystemAccessRule>()
    .SingleOrDefault(x => x.IdentityReference.Value == "S-1-1-0");
bool fullControlAllowed = everyone != null
             && everyone.AccessControlType == AccessControlType.Allow
             && everyone.FileSystemRights.HasFlag(FileSystemRights.FullControl);

如果权限可能同时包含AllowDeny的条目Everyone,您将不得不使用如下代码。它的语义略有不同,因为您没有获得everyone Deny条目的详细信息。

var everyone = fsFile.GetAccessRules(true, true, typeof(SecurityIdentifier))
    .Cast<FileSystemAccessRule>()
    .SingleOrDefault(x => x.IdentityReference.Value == "S-1-1-0"
                       && x.AccessControlType == AccessControlType.Allow);
bool fullControlAllowed = everyone != null
             && everyone.FileSystemRights.HasFlag(FileSystemRights.FullControl)
于 2013-10-22T18:40:59.193 回答
3

您必须获取文件的授权规则并检查是否有“所有人”帐户的规则。然后您可以检查FileSystemRights规则以查看它是否具有FullControl.

var account = @"Everyone";
var hasFullControl = rules.OfType<FileSystemAccessRule>()
    .Where(rule => rule.IdentityReference.Value == account && rule.AccessControlType == AccessControlType.Allow)
    .Select(rule => (bool?)rule.FileSystemRights.HasFlag(FileSystemRights.FullControl))
    .SingleOrDefault();
于 2013-10-22T18:43:01.213 回答
0

限制为“所有人”的文件,否则无法通过命令识别,if(Directory.Exists(pathfile))因为该文件受访问保护,编译器不会识别它在指定目录中的存在,并且它总是会命中!Directory.Exists(pathfile)命令。如果您想每次都写入新数据,那么这可能会有所帮助,

string pathfile = @"C:\\Users\\Public\\Documents\\Filepath.txt";
if (!Directory.Exists(pathfile))
{
    File.SetAttributes(pathfile, FileAttributes.Normal);
    File.Delete(pathfile);

    using (FileStream fs = File.Create(pathfile))
    {
        Byte[] info = new UTF8Encoding(true).GetBytes("What Ever Your Text is");

        fs.Write(info, 0, info.Length);
        File.SetAttributes(pathfile, FileAttributes.ReadOnly);
        FileSecurity fsec = File.GetAccessControl(pathfile);
        fsec.AddAccessRule(new FileSystemAccessRule("Everyone",
        FileSystemRights.ReadData, AccessControlType.Allow));
        File.SetAccessControl(pathfile, fsec);
    }
}
于 2016-04-29T08:27:22.433 回答