Reputation: 27
Create folder with parent permissions then add another permission
In C# I want to add a folder within another folder (or the root of a drive) but I want to copy the permissions of the root folder and then add another user to the new folder ACL as well as the ones from the parent (if that makes sense)
For example... If I have a folder entitled blah and within that folder I want another folder called blah2 I want blah2 to have the ACL permissions of blak plus I want to add authenticated users to that list.
Any ideas?
Upvotes: 1
Views: 4334
Answers (2)
Reputation: 134601
The main process you'll want to know about is adding/modifying ACLS for a file or directory.
First of all, to get the set of permissions set for a directory, you can use the DirectoryInfo.GetAccessControl() method (files will have a similar FileInfo.GetAccessControl()) or the static Directory.GetAccessControl(). This will give you an object which contains the ACLs and other security info for the directory.
var parentDir = new DirectoryInfo(@"c:\some\directory");
var parentAc = parentDir.GetAccessControl();
Once obtained, you can get the access rules for that directory (provided you have the permissions to do so). You can choose to get the inherited or explicitly defined rules or both. There is a targetType parameter which you can specify how you want to get the identity information back. You'll probably want to use the System.Security.Principal.NTAccount type for a user friendly identifier. As the names would imply, inherited permissions are the permissions inherited from parent directories while explicit are the permissions added directly.
var inheritedRules = parentAc.GetAccessRules(
includeExplicit: false,
includeInherited: true,
targetType: typeof(System.Security.Principal.NTAccount)
);
var explicitRules = parentAc.GetAccessRules(
includeExplicit: true,
includeInherited: false,
targetType: typeof(System.Security.Principal.NTAccount)
);
This will give you collections of FileSystemAccessRule objects representing an ACL. From here, you can take these rules and add it to the directory you'd want to add to. But in case you wanted to create new rules, you'll have to create the rule by hand. Take a look at the FileSystemAccessRule class to see what options are available to you. If you wanted to give everyone full control, you would create the rule:
var newRule = new FileSystemAccessRule(
new System.Security.Principal.NTAccount("Everyone"),
FileSystemRights.FullControl,
AccessControlType.Allow
);
To add the new rules, just take the rules and add it to the access control object you want to add to. You won't have to add inherited rules because... they will be inherited, but you'll probably want to add the explicit rules. Just be aware that changes made to the access control object will not reflect the actual directory until you set them back.
var dir = parentDir.CreateSubdirectory("test");
var ac = dir.GetAccessControl();
ac.AddAccessRule(newRule);
foreach (FileSystemAccessRule rule in explicitRules)
ac.AddAccessRule(rule);
dir.SetAccessControl(ac);
There is of course much more you can do with this but this should help get the ball rolling on figuring out what you want to do.
Upvotes: 2
Related Questions
- Set permissions for directories/subdirectories/files
- Programmatically Adding Permissions to a Folder
- C# Creating directory and setting the permissions
- How to set folder permission
- Granting full permissions to everyone on newly created folder from within c#
- Set permissions for directory and child items
- Changing permissions on child folders in C#
- how to set the folder permission programatically in c#
- Create and set permissions on new home folder programmatically
- How do you create folders and specify access permissions on them at the same time?