设置要inheritance的文件的ACL
我在c#中寻找一种方法来重置文件的权限,以便从父项inheritance,就好像文件是创建或复制到该目录一样。
从文件的角度来看,我似乎无法找到任何内容(我找到了一个或两个目录的引用,但由于某种原因我无法将它们转换为文件)。 例如,C# – Windows ACL – 应用inheritance权限 。 但我不确定LOGON_USER_NAME的值应该是什么,并且我可以得到的是获得“无标志可以设置”的System.ArgumentExcpetion
我终于在这里找到了答案。 File.Move不会从目标目录inheritance权限?
var fs = File.GetAccessControl(destination); fs.SetAccessRuleProtection(false, false); File.SetAccessControl(destination, fs);
更新
虽然上面的代码片段确实添加了inheritance的权限,但它不会删除任何现有的显式权限。 我的最终代码看起来更像这样。
string destination = @""; FileInfo fileInfo; FileSecurity fileSecurity; FileSystemAccessRule fileRule; AuthorizationRuleCollection fileRules; fileInfo = new FileInfo(destination); fileSecurity = fileInfo.GetAccessControl(); fileSecurity.SetAccessRuleProtection(false, false); /* * Only fetch the explicit rules since I want to keep the inherited ones. Not * sure if the target type matters in this case since I am not examining the * IdentityReference. */ fileRules = fileSecurity.GetAccessRules(includeExplicit: true, includeInherited: false, targetType: typeof(NTAccount)); /* * fileRules is a AuthorizationRuleCollection object, which can contain objects * other than FileSystemAccessRule (in theory), but GetAccessRules should only * ever return a collection of FileSystemAccessRules, so we will just declare * rule explicitly as a FileSystemAccessRule. */ foreach (FileSystemAccessRule rule in fileRules) { /* * Remove any explicit permissions so we are just left with inherited ones. */ fileSecurity.RemoveAccessRule(rule); } fileInfo.SetAccessControl(fileSecurity);
更新2
或者,只需使用本页其他地方的TGasdf更简洁的3行解决方案……
删除显式权限的已接受答案对我来说感觉有点过于复杂,所以我尝试创建一个新的FileSecurity。 以下似乎可行,并且生成的权限仅使用inheritance的权限:
var fs = new System.Security.AccessControl.FileSecurity(); fs.SetAccessRuleProtection(false, false); File.SetAccessControl(destination, fs);