using System.IO;
using System.Security.AccessControl;
namespace Bruce.Lib
{
public class DirectoryPermissions
{
private static void Main(string[] args)
{
string ADDomain = "Domain";
string ADUser = "Chris";
string Path = @"c:\temp\chris";
if (Directory.Exists(Path) == false)
Directory.CreateDirectory(Path);
// Remove any inheritable permissions from the path
RemoveInheritablePermissons(Path);
// Add the access control entries for the path
AddDirectorySecurity(Path, ADDomain + "\\" + ADUser, FileSystemRights.Modify,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None, AccessControlType.Allow);
AddDirectorySecurity(Path, ADDomain + "\\Domain Users", FileSystemRights.Delete, InheritanceFlags.None,
PropagationFlags.None, AccessControlType.Deny);
AddDirectorySecurity(Path, ADDomain + "\\Domain Admins", FileSystemRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None, AccessControlType.Allow);
}
// Adds an ACL entry on the specified directory for the specified account.
public static void AddDirectorySecurity(string FileName, string Account, FileSystemRights Rights,
InheritanceFlags Inheritance, PropagationFlags Propogation,
AccessControlType ControlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(FileName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity.AddAccessRule(new FileSystemAccessRule(Account,
Rights,
Inheritance,
Propogation,
ControlType));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
// Removes an ACL entry on the specified directory for the specified account.
public static void RemoveDirectorySecurity(string FileName, string Account, FileSystemRights Rights,
AccessControlType ControlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(FileName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity.RemoveAccessRule(new FileSystemAccessRule(Account,
Rights,
ControlType));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
// Removes an ACL entry on the specified directory for the specified account.
public static void RemoveInheritablePermissons(string FileName)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(FileName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
const bool IsProtected = true;
const bool PreserveInheritance = false;
dSecurity.SetAccessRuleProtection(IsProtected, PreserveInheritance);
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
}
}
2009/04/08
About ACL control.
reference : http://blog.crowe.co.nz/archive/2007/08/25/c---An-example-of-setting-NTFS-Directory--File.aspx