File handling with non-administrative user

2019-07-27 22:49发布

问题:

I've been testing my application to see how well it works when run by a non-administrative user, and I have found problems with file handling. I am getting an UnauthorizedAccessException when trying to overwrite a file, if the file was created by and adminstrative user.

When writing out the file I first create the file as a .tmp file, then use File.Copy to overwrite the original. The .tmp file gets created, but File.Copy fails. My files are written to a public directory ("C:\Documents and Settings\All Users\Application Data" in XP).

What can I do so that all users can have full control of the application files?

I've found this:

        System.Security.AccessControl.DirectorySecurity sec =  
                                System.IO.Directory.GetAccessControl ( directory );  
        FileSystemAccessRule accRule = new FileSystemAccessRule ( Globals.userIdentity,  
             FileSystemRights.FullControl, AccessControlType.Allow );  
        sec.AddAccessRule ( accRule );  

Will doing the above to the directory that all the files are located in solve this problem? Or will I have to do something to each file? If so what is that something?

Edit:

Non-admin users cannot modify files created by an admin user. This is not good. I need for all files to be editable by all users. Is there not some sort of permissions that can be set when the file is originally created that will grant this?

回答1:

I just checked the permissions on the All Users\Application Data directory. The "Users" and "Power Users" ACLs do not have the "Delete Subfolders and Files" permission.

They can delete their own files because the "CREATOR OWNER" ACL has Full Control.

As for how to get around this, you could give everyone all access, but a better idea would be to grant the "Users" & "Power Users" ACLs the "Delete Subfolders and Files" permission on your app's appdata directory.

Alternately, you could assign the "Delete" and "Modify" permissions on the file itself for "Users" and "Power Users" when it's created.



回答2:

This code would give the user full access rights to the folder, however, this might fail on security again.

The best way to make sure your application can always store information is trough the IsolatedStorage. However if you need access to your files outside your application then this is not the best solution.



回答3:

How about if you use similar code to give everyone full access to the file after it has been created ? If I understand you correctly the files will always be created with your application, right ? Then the user that creates the file in the first place will also have rights to adjust security settings for the file. Then it's just a question of setting public rights to the file once it is created and all users are able to replace the file later on.