Directory Security

Question

Directory Security

My application creates a directory so that I can store log files in it. I am adding user security to the directory, but I do not know how to do this. For example, I add the user everyone to the directory with read and write access, but when my application then creates a log file in this directory, the log file did not inherit the security of everyone (read, write).

What am I missing?

 DirectorySecurity dirSec = Directory.GetAccessControl(_dbPath); dirSec.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Allow)); dirSec.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.ReadAndExecute, AccessControlType.Allow)); dirSec.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.CreateFiles, AccessControlType.Allow)); Directory.SetAccessControl(_dbPath, dirSec);

+6

security c #

David Nov 28 '09 at 13:21

source share

2 answers

On MSDN, under DirectorySecurity, it has the following line:

 Use the FileSecurity class to retrieve, add, or change the access rules that represent the DACL and SACL of a file.

I think this is what you need to look to modify the ACL of the file ...

MSDN Ref: http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.directorysecurity.aspx

0

Tony the lion Nov 28 '09 at 14:53

source share

Larry osterman · Accepted Answer · 2009-11-28T20:00:18+0000

You are almost there. What you are missing is an AuthorizationRule.InheritanceFlags flag - by default, ACEs are not inherited, but if you add the InheritanceFlags attribute, the ACE will become inherited.

Directory Security

More articles: