CODEWITHSUNDEEP
c#permissionsdirectory
Sonny Boy
Sonny Boy

Reputation: 8016

C# - Set Directory Permissions for All Users in Windows 7

This should be a fairly simple problem, but for some reason I can't seem to get this to work. All I'd like to do is set the permissions on a given directory to allow full access to all users. Here's the code I have so far:

System.IO.DirectoryInfo di = new System.IO.DirectoryInfo(destinationDirectory);
FileSystemAccessRule fsar = new FileSystemAccessRule("Users", FileSystemRights.FullControl, AccessControlType.Allow);
DirectorySecurity ds = null;

    if (!di.Exists)
    {
       System.IO.Directory.CreateDirectory(destinationDirectory);
    }

ds = di.GetAccessControl();
ds.AddAccessRule(fsar);

No exceptions get thrown, but nothing happens, either. When I check the directory permissions after the code has been run, I see no changes.

Any ideas?

Upvotes: 16

Views: 42001

Answers (2)

David Heffernan
David Heffernan

Reputation: 613491

You also need to call SetAccessControl to apply the changes.

ds = di.GetAccessControl();
ds.AddAccessRule(fsar);
di.SetAccessControl(ds); // nothing happens until you do this

It seems that the examples on MSDN are sorely lacking in detail, as discussed here. I hacked the code from this article to get the following which behaves well:

static bool SetAcl()
{
    FileSystemRights Rights = FileSystemRights.FullControl;

    // *** Add Access Rule to the actual directory itself
    FileSystemAccessRule AccessRule = new FileSystemAccessRule("Users", Rights,
                                InheritanceFlags.None,
                                PropagationFlags.NoPropagateInherit,
                                AccessControlType.Allow);

    DirectoryInfo Info = new DirectoryInfo(destinationDirectory);
    DirectorySecurity Security = Info.GetAccessControl(AccessControlSections.Access);

    bool Result;
    Security.ModifyAccessRule(AccessControlModification.Set, AccessRule, out Result);

    if (!Result)
        return false;

    // *** Always allow objects to inherit on a directory
    InheritanceFlags iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;

    // *** Add Access rule for the inheritance
    AccessRule = new FileSystemAccessRule("Users", Rights,
                                iFlags,
                                PropagationFlags.InheritOnly,
                                AccessControlType.Allow);
    
    Security.ModifyAccessRule(AccessControlModification.Add, AccessRule, out Result);

    if (!Result)
        return false;

    Info.SetAccessControl(Security);

    return true;
}

Upvotes: 34

Timothée Lecomte
Timothée Lecomte

Reputation: 201

David Heffernan answer does not work on a non-English machine, where trying to set the permissions on "Users" fails with an IdentityNotMapped exception. The following code will work everywhere, by using WellKnownSidType.BuiltinUsersSid instead:

static void SetFullControlPermissionsToEveryone(string path)
{
    const FileSystemRights rights = FileSystemRights.FullControl;

    var allUsers = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);

    // Add Access Rule to the actual directory itself
    var accessRule = new FileSystemAccessRule(
        allUsers,
        rights,
        InheritanceFlags.None,
        PropagationFlags.NoPropagateInherit,
        AccessControlType.Allow);

    var info = new DirectoryInfo(path);
    var security = info.GetAccessControl(AccessControlSections.Access);

    bool result;
    security.ModifyAccessRule(AccessControlModification.Set, accessRule, out result);

    if (!result)
    {
        throw new InvalidOperationException("Failed to give full-control permission to all users for path " + path);
    }

    // add inheritance
    var inheritedAccessRule = new FileSystemAccessRule(
        allUsers,
        rights,
        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
        PropagationFlags.InheritOnly,
        AccessControlType.Allow);

    bool inheritedResult;
    security.ModifyAccessRule(AccessControlModification.Add, inheritedAccessRule, out inheritedResult);

    if (!inheritedResult)
    {
        throw new InvalidOperationException("Failed to give full-control permission inheritance to all users for " + path);
    }

    info.SetAccessControl(security);
}

Upvotes: 20

Related Questions