All geek questions in one place

Change object access properties via C #

After looking at the security event logs on Server 2003, I noticed that the event is being logged with a failure check. The category is Object Access, and the following Accesses are required:

READ_CONTROL
SYNCHRONIZE
ReadData (or ListDirectory)
WriteData (or AddFile)
AppendData (or AddSubDirectory or CreatePipeInstance)

I can not find any documentation on how to program these properties. These failures are created using postgres and tomcat executables.

EDIT

protected FileSystemRights[] AppendFileSystemRights() { return new FileSystemRights[] { FileSystemRights.ReadAndExecute, FileSystemRights.WriteAttributes, FileSystemRights.Synchronize, FileSystemRights.ReadAttributes, FileSystemRights.ReadData }; } public void ApplySystemRight(string fileName, FileSystemRights[] rights) { if (string.IsNullOrEmpty(fileName)) { return; } if (rights == null || rights.Length <= 0) { return; } try { Console.WriteLine("ATTEMPTING TO OPEN THE FOLLOWING FILE: {0}", fileName); fileSec = File.GetAccessControl(fileName); for (int i = 0; i < rights.Length; i++) { Console.WriteLine("ATTEMPTING TO ADD THE FOLLOWING ACCESS RULE: {0} TO {1}", rights[i], fileName); fileSec.AddAccessRule(new FileSystemAccessRule(user, rights[i], AccessControlType.Allow)); } Console.WriteLine("ATTEMPTING TO SET THE PRECEDING ACCESS RULES: TO {0}", fileName); File.SetAccessControl(fileName, fileSec); } catch (UnauthorizedAccessException uae) { Console.WriteLine("CAUGHT THE FOLLOWING EXCEPTION: {0} \n WHILE PROCESSING: {1}", uae.Message, fileName); } catch (ArgumentNullException ane) { Console.WriteLine("CAUGHT THE FOLLOWING EXCEPTION: {0} \n WHILE PROCESSING: {1}", ane.Message, fileName); } catch (ArgumentException ae) { Console.WriteLine("CAUGHT THE FOLLOWING EXCEPTION: {0} \n WHILE PROCESSING: {1}", ae.Message, fileName); } }
+4
source share
3 answers

I suggest starting Process Monitor ( http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx ) when starting a process that causes an audit failure. This should indicate the specific resource that the process is trying to access. With this information, you can set resource permissions to allow requested access.

+2
source

This will result in a runtime error in the application that is trying to access the operating system resource. Windows 5 error, ERROR_ACCESS_DENIED. If you do not receive any diagnostics in the application log file, an event in the application event log or an explicit guided exception that tells you what went wrong, you will look for a needle in the haystack.

+1
source

You can use the FileSecurity class to programmatically change access control properties. But, of course, first you need to find out for which file or directory these properties should be changed.

+1
source

Source: https://habr.com/ru/post/1315663/

More articles:


All Articles