1. 首页
  2. 问答
  3. 文件权限不会继承目录权限

文件权限不会继承目录权限

2009-10-07 230 views
5

我有一个程序为用户输出创建安全目录。这工作正常,但我在其中创建的文件(或复制到它)结束了只有管理员访问。文件权限不会继承目录权限

DirectoryInfo outputDirectory = 
      baseOutputDirectory.CreateSubdirectory(outputDirectoryName, 
      GetDirectorySecurity(searchHits.Request.UserId)); 

... 

private DirectorySecurity GetDirectorySecurity(string owner) 
{ 
    const string LOG_SOURCE = "GetDirectorySecurity"; 
    DirectorySecurity ds = new DirectorySecurity(); 

    System.Security.Principal.NTAccount ownerAccount = 
     new System.Security.Principal.NTAccount(owner); 

    ds.SetOwner(ownerAccount); 

    ds.AddAccessRule(
     new FileSystemAccessRule(owner, 
     FileSystemRights.FullControl, 
     AccessControlType.Allow)); 

    //AdminUsers is a List<string> that contains a list from configuration 
    // That represents the admins who should be allowed 
    foreach (string adminUser in AdminUsers) 
    { 
     ds.AddAccessRule(
      new FileSystemAccessRule(adminUser, 
      FileSystemRights.FullControl, 
      AccessControlType.Allow)); 
    } 
    return ds; 
} 

/// <summary> 
/// This method copies any static supporting files, such as javascripts 
/// </summary> 
/// <param name="outputDirectory"></param> 
private void CopySupportingFiles(DirectoryInfo outputDirectory) 
{ 
    foreach (FileInfo file in SupportingFiles) 
    { 
     file.CopyTo(
      Path.Combine(outputDirectory.FullName, file.Name)); 
    } 
}

等,等,等

我在做什么错?为什么权限级联?

来源

2009-10-07 C. Ross

回答

3

看起来你应该设置InheritanceFlagsPropagationFlags当设置DirectorySecurity(我相信它会覆盖你手动设置的任何东西)。

private DirectorySecurity GetDirectorySecurity(string owner) 
{ 
    const string LOG_SOURCE = "GetDirectorySecurity"; 
    DirectorySecurity ds = new DirectorySecurity(); 

    System.Security.Principal.NTAccount ownerAccount = 
     new System.Security.Principal.NTAccount(owner); 

    ds.SetOwner(ownerAccount); 

    ds.AddAccessRule(
     new FileSystemAccessRule(owner, 
     FileSystemRights.FullControl, 
     InheritanceFlags.ObjectInherit, 
     PropagationFlags.InheritOnly, 
     AccessControlType.Allow)); 

    //AdminUsers is a List<string> that contains a list from configuration 
    // That represents the admins who should be allowed 
    foreach (string adminUser in AdminUsers) 
    { 
     ds.AddAccessRule(
      new FileSystemAccessRule(adminUser, 
      FileSystemRights.FullControl, 
      InheritanceFlags.ObjectInherit, 
      PropagationFlags.InheritOnly, 
      AccessControlType.Allow)); 
    } 
    return ds; 
}

来源

2009-10-07 15:37:23 scottm

+0

这很有道理,让我试试吧。 – 2009-10-07 16:53:53

相关问题

 相关问题