
我需要一个所有本地用户都可以编辑的文件。应用程序把所有用户共用的信息保存在 ProgramData 下它自己的文件夹中。我需要保证所有用户都能读写这个文件;信息量太少,不值得为此使用数据库。

我从以下位置获取文件夹的路径:Path.Combine(Application.CommonAppDataPath, "InfoConfig");

所有用户都可以在此文件夹中读取、写入和创建文件,但其他用户创建的文件除外。

我已经尝试删除 Creator Owner 但没有成功。所以我最后一次尝试不是从容器文件夹继承,而是从头开始为系统、管理员和用户创建权限。但它也不起作用,这是我的代码。

            // Creates the shared "InfoConfig" folder under the application's common
            // app-data path and, on first creation only, replaces its inherited ACL
            // with explicit entries for SYSTEM, Administrators and Users.
            string sharedFolder = Path.Combine(Application.CommonAppDataPath, "InfoConfig");
        // NOTE(review): the ACL below is applied only when this code creates the
        // folder; a folder that already exists keeps whatever owner and ACL it has.
        if (!Directory.Exists(sharedFolder))
        {
            DirectoryInfo directoryInfo = Directory.CreateDirectory(sharedFolder);
            DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
            // true  = protect this DACL from inheritance,
            // false = do not keep the entries that were inherited from the parent.
            directorySecurity.SetAccessRuleProtection(true, false);
            // FullControl already contains Modify, Read and Delete, so the extra
            // flags do not change the resulting mask.
            FileSystemRights fileSystemRights = 
                      FileSystemRights.FullControl | 
                      FileSystemRights.Modify | 
                      FileSystemRights.Read | 
                      FileSystemRights.Delete;
            SecurityIdentifier usersSid = 
                      new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
            SecurityIdentifier systemSid = 
                      new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
            SecurityIdentifier adminsSid = 
                      new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);

            // NOTE(review): every rule below uses the constructor without
            // InheritanceFlags/PropagationFlags, so each entry applies to the folder
            // object itself and is not passed on to files or subfolders created in
            // it. That is presumably why files created by one user are still not
            // editable by the others.
            FileSystemAccessRule rule = 
                      new FileSystemAccessRule(systemSid, fileSystemRights, AccessControlType.Allow);

            directorySecurity.AddAccessRule(rule);

            rule = new FileSystemAccessRule(adminsSid, fileSystemRights, AccessControlType.Allow);
            directorySecurity.AddAccessRule(rule);

            // Users get Modify (which already contains Read and Write) rather than
            // FullControl, so they cannot change the folder's permissions or owner.
            rule = new FileSystemAccessRule(usersSid, FileSystemRights.Read 
                     | FileSystemRights.Write 
                     | FileSystemRights.Modify, 
                     AccessControlType.Allow);
            directorySecurity.AddAccessRule(rule);

            // Persist the in-memory descriptor to the directory.
            directoryInfo.SetAccessControl(directorySecurity);
        }

它仍然不起作用。我究竟做错了什么?


1 回答 1


以下代码段只处理了 usersSid,您也可以按同样的方式为其他用户类型调整它。

添加对 ObjectSecurity.ModifyAccessRule(AccessControlModification, AccessRule, Boolean) 的调用:它把指定的修改应用于与此 ObjectSecurity 对象(在本例中为 directorySecurity)关联的自由访问控制列表 (DACL)。



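// Creates the shared "InfoConfig" folder and gives BUILTIN\Users rights on the
// folder itself and, through an inheritable entry, on everything created inside
// it, so files written by one user stay editable by the others.
string sharedFolder = Path.Combine(Application.CommonAppDataPath, "InfoConfig");

// NOTE(review): the ACL is applied only when this code creates the folder. A
// folder that already exists keeps whatever owner and ACL it has; confirm that
// is acceptable, or re-check the ACL on every start.
if (!Directory.Exists(sharedFolder))
{
    DirectoryInfo directoryInfo = Directory.CreateDirectory(sharedFolder);
    DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();

    // true  = protect this DACL from inheritance,
    // false = drop the entries inherited from the parent folder.
    // Only the rules added below remain, so SYSTEM and Administrators need their
    // own entries if they are not meant to rely on the Users rule.
    directorySecurity.SetAccessRuleProtection(true, false);

    // FullControl already contains Modify, Read and Delete.
    // NOTE(review): FullControl also lets every local user change the folder's
    // permissions and take ownership. FileSystemRights.Modify is enough for
    // read/write/delete and is the narrower grant if nothing more is required.
    FileSystemRights fileSystemRights = FileSystemRights.FullControl;

    SecurityIdentifier usersSid =
        new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);

    // Entry for the folder object itself (no inheritance flags).
    FileSystemAccessRule rule = new FileSystemAccessRule(
        usersSid,
        fileSystemRights,
        InheritanceFlags.None,
        PropagationFlags.NoPropagateInherit,
        AccessControlType.Allow);

    // Set removes any existing rules for this SID and then adds this one, so a
    // separate AddAccessRule call beforehand is not needed.
    bool result;
    directorySecurity.ModifyAccessRule(AccessControlModification.Set, rule, out result);

    if (!result)
    {
        throw new InvalidOperationException("Failed to give full-control permission to all users for path " + sharedFolder);
    }

    // Inherit-only entry: not applied to the folder itself, but copied to the
    // subfolders (ContainerInherit) and files (ObjectInherit) created in it.
    FileSystemAccessRule inheritedRule = new FileSystemAccessRule(
        usersSid,
        fileSystemRights,
        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
        PropagationFlags.InheritOnly,
        AccessControlType.Allow);

    bool inheritedResult;
    directorySecurity.ModifyAccessRule(AccessControlModification.Add, inheritedRule, out inheritedResult);

    if (!inheritedResult)
    {
        throw new InvalidOperationException("Failed to give full-control permission inheritance to all users for " + sharedFolder);
    }

    // Persist the in-memory descriptor to the directory.
    directoryInfo.SetAccessControl(directorySecurity);
}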

于 2020-02-17T05:55:11.217 回答