2012-07-09 86 views
0

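I want to set a folder as read-only for a specific user; he should not be able to edit or delete it. I tried the code below, but it is not working. What changes do I need to make to it, using an ACL to set up the folder for one user?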

try
{
    string folderPath = textBox1.Text;
    string username = comboBox1.SelectedItem.ToString();
    DirectorySecurity ds = Directory.GetAccessControl(folderPath);
    FileSystemAccessRule fsa =
        new FileSystemAccessRule(username,
                                 FileSystemRights.ReadAndExecute,
                                 AccessControlType.Allow);
    ds.AddAccessRule(fsa);
    Directory.SetAccessControl(folderPath, ds);
    MessageBox.Show("ReadOnly");
}
catch (Exception ex)
{
    MessageBox.Show(ex.Message);
}

Answers

2

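The user is probably inheriting other rights to the folder through membership of a group such as Everyone, so setting an allow rule only allows him to do something he can already do.

Example: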

 
- Root
  [Allow: read/write (Everyone)]
  - ParentFolder
    [Allow: read/write (Everyone) - inherited from Root]
    - RestrictedFolder
      [Allow: read/write (Everyone) - inherited from Root]
      [Allow: read (Restricted User) - this has no effect!]

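You probably want to set a deny rule instead. This should ensure that the user is prevented from writing to or deleting the folder, regardless of inherited permissions or membership of groups that allow writing.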

DirectorySecurity ds = Directory.GetAccessControl(folderPath);
FileSystemRights allExceptRead =
    FileSystemRights.FullControl & ~FileSystemRights.ReadAndExecute;
// Use AccessControlType.Deny instead of Allow.
FileSystemAccessRule fsa = new FileSystemAccessRule(username,
                                                    allExceptRead,
                                                    AccessControlType.Deny);
ds.AddAccessRule(fsa);
Directory.SetAccessControl(folderPath, ds);

So afterwards, the hierarchy looks like this:

 
- Root
  [Allow: read/write (Everyone)]
  - ParentFolder
    [Allow: read/write (Everyone) - inherited from Root]
    - RestrictedFolder
      [Deny: write (Restricted User) - This overrides the inherited permission]
      [Allow: read/write (Everyone) - inherited from Root]

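If there is a chance that the user is not already allowed to read the folder through inheritance or group membership, then you will have to add two access rules: one like the one you already have (explicitly allowing reading) and another like mine (explicitly preventing anything except reading). Example hierarchy afterwards: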

 
- Root
  [Allow: read/write (Everyone)]
  - ParentFolder
    [Allow: read/write (Everyone)]
    // Prevent ParentFolder's permissions from propagating to child
    [Prevent child folders from inheriting permissions]
    - RestrictedFolder
      [Deny: write (Restricted User)]
      // Note the "Everyone" permission is not inherited.
      // Without explicitly allowing read, the user can do nothing to this folder
      [Allow: read (Restricted User) - Explicitly allow reading]

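Update

According to this link, denying the Delete permission on the folder itself is not enough. You also need to deny Delete subfolders and files on the folder's parent folder. So your folder hierarchy will have to look like this: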

 
- Root
  [Allow: read/write (Everyone)]
  - ParentFolder
    [Deny: delete subfolders and files (Restricted User)]
    [Allow: read/write (Everyone) - inherited from Root]
    - RestrictedFolder
      [Deny: write (Restricted User) - This overrides the inherited permission]
      [Allow: read/write (Everyone) - inherited from Root]
+0

Even after using the code below, I'm able to delete the folder – 2012-07-10 08:39:03

+0

@alwaysv I've updated my answer with some more information. – shambulator 2012-07-10 11:46:41

+0

Checked it out, can you tell me what changes I actually need to make? – 2012-07-10 11:50:30
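
The two deny rules described in the answer and its update, combined in one helper, as an added example that is not part of the original answer or comments. The class and method names are hypothetical, the inheritance flags on the first rule are an addition to the answer's snippet, and the caller is assumed to have the right to change permissions on both folders.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.AccessControl;
using System.Security.Principal;

static class ReadOnlyFolderAcl   // hypothetical helper, not from the answer
{
    public static void MakeReadOnlyFor(string folderPath, string account)
    {
        var folder = new DirectoryInfo(folderPath);
        DirectoryInfo parent = folder.Parent
            ?? throw new ArgumentException("Folder has no parent.", nameof(folderPath));

        // 1. On the folder: deny everything except read/execute (the answer's rule).
        //    The inheritance flags are an addition: they extend the deny to the
        //    files and subfolders inside the folder.
        FileSystemRights allExceptRead =
            FileSystemRights.FullControl & ~FileSystemRights.ReadAndExecute;
        DirectorySecurity folderAcl = folder.GetAccessControl();
        folderAcl.AddAccessRule(new FileSystemAccessRule(account, allExceptRead,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None, AccessControlType.Deny));
        folder.SetAccessControl(folderAcl);

        // 2. On the parent (the update): deny "Delete subfolders and files".
        //    No inheritance flags, so the ACE stays on the parent itself; it
        //    covers every direct child of the parent, not only this folder.
        DirectorySecurity parentAcl = parent.GetAccessControl();
        parentAcl.AddAccessRule(new FileSystemAccessRule(account,
            FileSystemRights.DeleteSubdirectoriesAndFiles, AccessControlType.Deny));
        parent.SetAccessControl(parentAcl);
    }

    // Returns the rights explicitly (not by inheritance) denied to `account`
    // on `path`. Rules are compared by SID so "user" and "DOMAIN\user" match.
    public static FileSystemRights ExplicitDenies(string path, string account)
    {
        var sid = (SecurityIdentifier)new NTAccount(account)
            .Translate(typeof(SecurityIdentifier));
        return new DirectoryInfo(path).GetAccessControl()
            .GetAccessRules(true, false, typeof(SecurityIdentifier))
            .Cast<FileSystemAccessRule>()
            .Where(r => r.AccessControlType == AccessControlType.Deny
                        && sid.Equals(r.IdentityReference))
            .Aggregate((FileSystemRights)0, (acc, r) => acc | r.FileSystemRights);
    }
}
```

After calling `MakeReadOnlyFor`, `ExplicitDenies` on the parent should include `DeleteSubdirectoriesAndFiles`, and on the folder it should include `Write` and `Delete`.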
