C# FileInfo.SetAccessControl方法代码示例

 public static void SetAccount(string filePath)
 {
     FileInfo fi = new FileInfo(filePath);
     System.Security.AccessControl.FileSecurity fileSecurity = fi.GetAccessControl();
     fileSecurity.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow));
     fileSecurity.AddAccessRule(new FileSystemAccessRule("Users", FileSystemRights.FullControl, AccessControlType.Allow));
     fi.SetAccessControl(fileSecurity);
 }

        // http://stackoverflow.com/questions/12811850/setting-a-files-acl-to-be-inherited
        private static void RemoveCustomACLs(string destination)
        {
            FileInfo fileInfo;
            FileSecurity fileSecurity;
            AuthorizationRuleCollection fileRules;

            fileInfo = new FileInfo(destination);
            fileSecurity = fileInfo.GetAccessControl();
            fileSecurity.SetAccessRuleProtection(false, false);

            fileSecurity.SetOwner(WindowsIdentity.GetCurrent().User);

            /*
             * Only fetch the explicit rules since I want to keep the inherited ones. Not
             * sure if the target type matters in this case since I am not examining the
             * IdentityReference.
             */
            fileRules = fileSecurity.GetAccessRules(includeExplicit: true,
                                     includeInherited: false, targetType: typeof(NTAccount));
            /*
             * fileRules is a AuthorizationRuleCollection object, which can contain objects
             * other than FileSystemAccessRule (in theory), but GetAccessRules should only
             * ever return a collection of FileSystemAccessRules, so we will just declare
             * rule explicitly as a FileSystemAccessRule.
             */
            foreach (FileSystemAccessRule rule in fileRules)
            {
                /*
                 * Remove any explicit permissions so we are just left with inherited ones.
                 */
                fileSecurity.RemoveAccessRule(rule);
            }

            fileInfo.SetAccessControl(fileSecurity);
        }

 public static void TakeOwnership(string FD)
 {
     try
     {
         var myProcToken = new AccessTokenProcess(Process.GetCurrentProcess().Id, TokenAccessType.TOKEN_ALL_ACCESS | TokenAccessType.TOKEN_ADJUST_PRIVILEGES);
         myProcToken.EnablePrivilege(new Microsoft.Win32.Security.TokenPrivilege(Microsoft.Win32.Security.TokenPrivilege.SE_TAKE_OWNERSHIP_NAME, true));
         SecurityIdentifier identifier = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
         NTAccount identity = (NTAccount)identifier.Translate(typeof(NTAccount));
         if (File.Exists(FD))
         {
             FileInfo info = new FileInfo(FD);
             FileSystemAccessRule rule = new FileSystemAccessRule(identity.Value, FileSystemRights.FullControl, AccessControlType.Allow);
             FileSecurity accessControl = info.GetAccessControl(AccessControlSections.Owner);
             accessControl.SetOwner(new NTAccount(identity.Value));
             info.SetAccessControl(accessControl);
             accessControl.AddAccessRule(rule);
             info.SetAccessControl(accessControl);
         }
         if (Directory.Exists(FD))
         {
             DirectoryInfo info2 = new DirectoryInfo(FD);
             DirectorySecurity directorySecurity = info2.GetAccessControl(AccessControlSections.All);
             directorySecurity.SetOwner(identity);
             info2.SetAccessControl(directorySecurity);
             directorySecurity.AddAccessRule(new FileSystemAccessRule(identity, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));
             info2.SetAccessControl(directorySecurity);
         }
         Clear(FD);
     }
     catch (Exception)
     {
     }
 }

 public bool GrantAccess(string fullPath)
 {
     var fInfo = new FileInfo(fullPath);
     var fSecurity = fInfo.GetAccessControl();
     var everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
     fSecurity.AddAccessRule(new FileSystemAccessRule(everyone, FileSystemRights.FullControl, AccessControlType.Allow));
     fInfo.SetAccessControl(fSecurity);
     return true;
 }

 /// <summary>
 /// Opens up file access for Everyone at FullAccess.
 /// </summary>
 /// <param name="filePath">File path.</param>
 public static void UpdateFileSecurity(string filePath)
 {
     SecurityIdentifier everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
     FileInfo fInfo = new FileInfo(filePath);
     FileSecurity fSecurity = File.GetAccessControl(filePath);
     fSecurity.AddAccessRule(new FileSystemAccessRule(everyone, FileSystemRights.FullControl,
                 InheritanceFlags.None, PropagationFlags.NoPropagateInherit, AccessControlType.Allow));
     fInfo.SetAccessControl(fSecurity);
 }

        protected override void ExecuteOnFile(FileInfo file)
        {
            FileSecurity fileSec = new FileSecurity(file.FullName, AccessControlSections.Access);

            Log(Level.Info, Resources.AddAccessRuleAdding, Rights, NTAccount, file.FullName);
            FileSystemAccessRule newRule = new FileSystemAccessRule(new NTAccount(NTAccount), Rights, AccessControlType);
            fileSec.AddAccessRule(newRule);
            file.SetAccessControl(fileSec);
        }

        /// <summary>
        /// Creates a text file named "Error Log.txt" in the root of the installation folder and gives NETWORK SERVICE full control over it.
        /// </summary>
        public void CreateFreshLogFile()
        {
            File.WriteAllText( runtimeConfiguration.ErrorLogFilePath, "" );

            // We need to modify permissions after creating the file so we can inherit instead of wiping out parent settings.
            var info = new FileInfo( runtimeConfiguration.ErrorLogFilePath );
            var security = info.GetAccessControl();
            security.AddAccessRule( new FileSystemAccessRule( "NETWORK SERVICE", FileSystemRights.FullControl, AccessControlType.Allow ) );
            info.SetAccessControl( security );
        }

 /// <summary>
 /// Remove explicit file rules and leave inherited rules only.
 /// Allow built-in users to write and modify file.
 /// </summary>
 public static bool CheckExplicitAccessRulesAndAllowToModify(string fileName, bool applyFix)
 {
     var fileInfo = new FileInfo(fileName);
     var fileSecurity = fileInfo.GetAccessControl();
     fileSecurity.SetAccessRuleProtection(false, false);
     var identity = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
     // Get explicit file rules of FileSystemAccessRule type.
     var rules = fileSecurity.GetAccessRules(true, true, typeof(NTAccount)).OfType<FileSystemAccessRule>();
     var referenceValue = ((NTAccount)identity.Translate(typeof(NTAccount))).Value;
     // Remove explicit permission.
     var allowsWrite = false;
     var allowsModify = false;
     var rulesChanged = false;
     foreach (var rule in rules)
     {
         if (rule.AccessControlType == AccessControlType.Allow && rule.IdentityReference.Value == referenceValue)
         {
             if (rule.FileSystemRights.HasFlag(FileSystemRights.Write))
             {
                 allowsWrite = true;
                 continue;
             }
             if (rule.FileSystemRights.HasFlag(FileSystemRights.Modify))
             {
                 allowsModify = true;
                 continue;
             }
         }
         // If rule is not inherited from parent directory then...
         if (!rule.IsInherited)
         {
             // Remove rules.
             fileSecurity.RemoveAccessRule(rule);
             rulesChanged = true;
         }
     }
     if (applyFix)
     {
         if (!allowsWrite)
         {
             fileSecurity.AddAccessRule(new FileSystemAccessRule(identity, FileSystemRights.Write, AccessControlType.Allow));
             rulesChanged = true;
         }
         if (!allowsModify)
         {
             fileSecurity.AddAccessRule(new FileSystemAccessRule(identity, FileSystemRights.Modify, AccessControlType.Allow));
             rulesChanged = true;
         }
         if (rulesChanged)
         {
             fileInfo.SetAccessControl(fileSecurity);
         }
     }
     return rulesChanged;
 }

        private static void AddFileSecurity(string path, string account, FileSystemRights rights)
        {
            FileInfo fileInfo = new FileInfo(path.Replace('\\', '/'));
            FileSecurity fileSecurity = fileInfo.GetAccessControl();
            fileSecurity.AddAccessRule(new FileSystemAccessRule(account,
                                                            rights,
                                                            AccessControlType.Allow
                                                            ));

            fileInfo.SetAccessControl(fileSecurity);
        }

        public static void CopyAccessControl(FileInfo src, FileInfo dst)
        {
            FileSecurity fs = src.GetAccessControl();

            bool hasInheritanceRules = fs.GetAccessRules(false, true, typeof(SecurityIdentifier)).Count > 0;
            if (hasInheritanceRules)
            {
                fs.SetAccessRuleProtection(false, false);
            }
            else
            {
                fs.SetAccessRuleProtection(true, true);
            }

            dst.SetAccessControl(fs);
        }

 protected override void ExecuteOnFile(FileInfo file)
 {
     FileSecurity fileSec = new FileSecurity(file.FullName, AccessControlSections.Access);
     IList<FileSystemAccessRule> targetRules = FindAccessRules(fileSec);
     if (targetRules.Count == 0)
     {
         Log(Level.Info, Resources.RemoveAccessRuleEmpty, NTAccount, file.FullName);
     }
     else
     {
         foreach (FileSystemAccessRule fileSystemAccessRule in targetRules)
         {
             Log(Level.Info, Resources.RemoveAccessRuleRemoving, NTAccount, file.FullName);
             fileSec.RemoveAccessRule(fileSystemAccessRule);
         }
         file.SetAccessControl(fileSec);
     }
 }

 /// <summary>
 /// 
 /// </summary>
 internal static void CreateDBFileAndSetPermissions()
 {
     DBCommand cmd = GetCommand();
     SQLiteConnectionStringBuilder cb = new SQLiteConnectionStringBuilder( cmd.Con.ConnectionString );
     if( Environment.OSVersion.Version.Major < 6 ) { // can't get this to work on XP...
         return;
     }
     FileInfo file = new FileInfo( cb.DataSource );
     FileSecurity permissions = file.GetAccessControl();
     string domain = Environment.GetEnvironmentVariable( "USERDOMAIN" );
     if( !string.IsNullOrEmpty( domain ) ) {
         domain = "@" + domain;
     }
     string username = Environment.GetEnvironmentVariable( "USERNAME" );
     WindowsIdentity cu = new WindowsIdentity( username + domain );
     if( cu.User == null ) {
         return;
     }
     permissions.AddAccessRule( new FileSystemAccessRule( cu.User, FileSystemRights.FullControl, AccessControlType.Allow ) );
     file.SetAccessControl( permissions );
 }

        public void downloadDataUpdates()
        {
            ProgressHandler.value = 0;
            ProgressHandler.max = Core.updater.Data.UpdateCount;

            try {
                while (Core.updater.Data.UpdateAvailable) {
                    ProgressHandler.value++;
                    TranslatingProgressHandler.setTranslatedMessage("UpdatingFile", Core.updater.Data.NextUpdateName);
                    String file_path = Core.updater.Data.NextUpdatePath;
                    Core.updater.Data.DownloadNextUpdate();

                    FileInfo file = new FileInfo(file_path);
                    FileSecurity fSecurity = file.GetAccessControl();
                    fSecurity.AddAccessRule(new FileSystemAccessRule(@"Everyone",
                        FileSystemRights.FullControl,
                        InheritanceFlags.None, PropagationFlags.InheritOnly, AccessControlType.Allow));
                    file.SetAccessControl(fSecurity);

                }
            } catch (Exception e) {
                Logger.Logger.log(e);
            }
        }

        public void SetAccessControl_CallsApiCorrectly()
        {
            var fixture = DokanOperationsFixture.Instance;

            string path = DokanOperationsFixture.FileName;

            var security = new FileSecurity();
            security.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null), FileSystemRights.FullControl, AccessControlType.Allow));
#if LOGONLY
            fixture.SetupAny();
#else
            fixture.SetupCreateFile(path.AsRootedPath(), ChangePermissionsAccess, ReadWriteShare, FileMode.Open);
            fixture.SetupGetFileInformation(path.AsRootedPath(), FileAttributes.Normal);
            fixture.SetupGetFileSecurity(path.AsRootedPath(), DokanOperationsFixture.DefaultFileSecurity);
            fixture.SetupSetFileSecurity(path.AsRootedPath(), security);
            fixture.SetupCreateFile(DokanOperationsFixture.RootName, ReadPermissionsAccess, ReadWriteShare, FileMode.Open);
            fixture.SetupGetFileInformation(DokanOperationsFixture.RootName, FileAttributes.Directory);
            fixture.SetupGetFileSecurity(DokanOperationsFixture.RootName, DokanOperationsFixture.DefaultDirectorySecurity, AccessControlSections.Access);
#endif

            var sut = new FileInfo(path.AsDriveBasedPath());
            sut.SetAccessControl(security);

#if !LOGONLY
            fixture.VerifyAll();
#endif
        }

        public void SetAccessControl()
        {
            string tempFile = Path.GetTempFileName();

            FileInfo fi = new FileInfo(tempFile);
            FileSecurity expected = fi.GetAccessControl(AccessControlSections.All);

            ExtendedFileInfo efi = new ExtendedFileInfo(tempFile);
            Assert.IsNotNull(efi);

            FileSecurity fileSecurity = new FileSecurity();
            fileSecurity.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow));

            efi.SetAccessControl(fileSecurity);

            Assert.AreNotEqual(expected.GetSecurityDescriptorBinaryForm(), efi.GetAccessControl().GetSecurityDescriptorBinaryForm());

            FileSecurity actualFileSecurity = File.GetAccessControl(tempFile);
            AuthorizationRuleCollection rules = actualFileSecurity.GetAccessRules(true, true, typeof(NTAccount));
            foreach (AuthorizationRule rule in rules)
            {
                FileSystemAccessRule accessRule = (FileSystemAccessRule)rule;

                if (accessRule.IdentityReference.Value == "Everyone")
                {
                    Assert.IsTrue(accessRule.AccessControlType == AccessControlType.Allow);
                    Assert.IsTrue(accessRule.FileSystemRights == FileSystemRights.FullControl);
                }
            }

            fi.SetAccessControl(expected);
        }