Remove all default file permissions

Published 2020-06-23 09:48

Question:

I have a C# network application that prompts admins for network proxy authentication information. I ask the user if they want to save this information, which, if they choose yes, I encrypt in a unique local file for the user. I would then like to remove all file permissions except for the user that created it, but for all other users to have the ability to delete the file.

Now, I found the MS article below, but it's not helping if I don't know the default users that were set up on the file in the first place. Is there a way to remove all file permissions? I can then add the individual rights I'm wanting to set up for full access by the current user and delete permissions for "All Users" or "Authenticated Users", which looks to be different depending on the version of Windows. http://msdn.microsoft.com/en-us/library/system.io.file.setaccesscontrol.aspx

Answer 1:

I figured it out..

    // Required namespaces:
    // using System.IO;
    // using System.Security.AccessControl;
    // using System.Security.Principal;

    public void SetFileSecurity(String filePath, String domainName, String userName)
    {
        // Get file info.
        FileInfo fi = new FileInfo(filePath);

        // Get the file's current security descriptor.
        FileSecurity fs = fi.GetAccessControl();

        // Block inheritance and do not keep copies of the inherited rules.
        fs.SetAccessRuleProtection(true, false);

        // Get any explicit user access rules.
        AuthorizationRuleCollection rules = fs.GetAccessRules(true, true, typeof(NTAccount));

        // Remove every rule that was found.
        foreach (FileSystemAccessRule rule in rules)
            fs.RemoveAccessRule(rule);

        // Add the current user with full control.
        fs.AddAccessRule(new FileSystemAccessRule(domainName + "\\" + userName, FileSystemRights.FullControl, AccessControlType.Allow));

        // Give all other users delete-only permission.
        fs.AddAccessRule(new FileSystemAccessRule("Authenticated Users", FileSystemRights.Delete, AccessControlType.Allow));

        // Write the new security descriptor to the file.
        File.SetAccessControl(filePath, fs);
    }
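
A variant of the approach in the answer above, added here as an example and not part of any original answer: it starts from an empty `FileSecurity` so the existing entries never need to be enumerated, and it uses SIDs instead of account names so the "Authenticated Users" group resolves regardless of Windows language or version. The class and method names are hypothetical; it assumes Windows and a runtime where `FileInfo.GetAccessControl`/`SetAccessControl` are available.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

public static class CredentialFileAcl   // hypothetical name, for illustration only
{
    public static void RestrictToCurrentUser(string filePath)
    {
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            // SIDs are locale-independent, unlike the display name "Authenticated Users".
            SecurityIdentifier owner = current.User
                ?? throw new InvalidOperationException("Current identity has no user SID.");
            var authenticatedUsers =
                new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);

            // Empty descriptor: whatever rules the file had before are simply replaced.
            var fs = new FileSecurity();
            fs.SetAccessRuleProtection(true, false);   // block inheritance, keep no copies
            fs.AddAccessRule(new FileSystemAccessRule(
                owner, FileSystemRights.FullControl, AccessControlType.Allow));
            fs.AddAccessRule(new FileSystemAccessRule(
                authenticatedUsers, FileSystemRights.Delete, AccessControlType.Allow));

            var fi = new FileInfo(filePath);
            fi.SetAccessControl(fs);

            // Read the DACL back and fail loudly if any unexpected entry survived.
            AuthorizationRuleCollection rules = fi.GetAccessControl()
                .GetAccessRules(true, true, typeof(SecurityIdentifier));
            foreach (FileSystemAccessRule rule in rules)
            {
                bool expected = !rule.IsInherited
                    && rule.AccessControlType == AccessControlType.Allow
                    && (rule.IdentityReference.Equals(owner)
                        || rule.IdentityReference.Equals(authenticatedUsers));
                if (!expected)
                    throw new InvalidOperationException(
                        "Unexpected ACE for " + rule.IdentityReference.Value);
            }
        }
    }
}
```

The ACL on the file is not the only thing that decides deletion: a user who holds the delete-child right on the parent directory can also delete the file.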


Answer 2:

Impersonation may help you solve this.

The term "Impersonation" in a programming context refers to a technique that executes the code under another user context than the user who originally started an application, i.e. the user context is temporarily changed once or multiple times during the execution of an application.

Click here to see the implementation.



Answer 3:

If you need to remove permissions for a specific group, you can use this method:

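    // Required namespaces:
    // using System;
    // using System.IO;
    // using System.Security.AccessControl;

    public static void RemoveGroupPermission(string path, string group_name)
    {
        long begin = DateTime.Now.Ticks;

        DirectoryInfo dirInfo = new DirectoryInfo(path);

        // Get the directory's current security descriptor.
        DirectorySecurity dirSecurity = dirInfo.GetAccessControl();

        // RemoveAccessRuleAll matches on the identity and the access control type;
        // the second 0 is AccessControlType.Allow, so all Allow rules for the group are removed.
        dirSecurity.RemoveAccessRuleAll(new FileSystemAccessRule(Environment.UserDomainName +
                                                                @"\" + group_name, 0, 0));

        // Write the modified security descriptor back to the directory.
        dirInfo.SetAccessControl(dirSecurity);

        long end = DateTime.Now.Ticks;

        Console.WriteLine("Tick : " + (end - begin));
    }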