public class PermissionManager { /// <summary> /// 为文件添加users,everyone用户组的完全控制权限 /// </summary> /// <param name="filePath"></param> public static void AddSecurityControll2File(string filePath) { //获取文件信息 FileInfo fileInfo = new FileInfo(filePath); //获得该文件的访问权限 System.Security.AccessControl.FileSecurity fileSecurity = fileInfo.GetAccessControl(); //添加ereryone用户组的访问权限规则 完全控制权限 fileSecurity.AddAccessRule(new FileSystemAccessRule("Everyone",FileSystemRights.FullControl,AccessControlType.Allow)); //添加Users用户组的访问权限规则 完全控制权限 fileSecurity.AddAccessRule(new FileSystemAccessRule("Users",AccessControlType.Allow)); //设置访问权限 fileInfo.SetAccessControl(fileSecurity); } /// <summary> ///为文件夹添加users,everyone用户组的完全控制权限 /// </summary> /// <param name="dirPath"></param> public static void AddSecurityControll2Folder(string dirPath) { //获取文件夹信息 DirectoryInfo dir = new DirectoryInfo(dirPath); //获得该文件夹的所有访问权限 System.Security.AccessControl.DirectorySecurity dirsecurity = dir.GetAccessControl(AccessControlSections.All); //设定文件ACL继承 InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit; //添加ereryone用户组的访问权限规则 完全控制权限 FileSystemAccessRule everyoneFileSystemAccessRule = new FileSystemAccessRule("Everyone",inherits,PropagationFlags.None,AccessControlType.Allow); //添加Users用户组的访问权限规则 完全控制权限 FileSystemAccessRule usersFileSystemAccessRule = new FileSystemAccessRule("Users",AccessControlType.Allow); bool isModified = false; dirsecurity.ModifyAccessRule(AccessControlModification.Add,everyoneFileSystemAccessRule,out isModified); dirsecurity.ModifyAccessRule(AccessControlModification.Add,usersFileSystemAccessRule,out isModified); //设置访问权限 dir.SetAccessControl(dirsecurity); } /// <summary> /// 为文件夹移除某个用户的权限 /// </summary> /// <param name="dirName"></param> /// <param name="username"></param> static void removePermissions(string dirName,string username) { string user = System.Environment.UserDomainName + "\\" + username; DirectoryInfo dirinfo = new DirectoryInfo(dirName); DirectorySecurity dsec = dirinfo.GetAccessControl(AccessControlSections.All); AuthorizationRuleCollection rules = dsec.GetAccessRules(true,true,typeof(System.Security.Principal.NTAccount)); foreach (AccessRule rule in rules) { if (rule.IdentityReference.Value == user) { bool value; dsec.PurgeAccessRules(rule.IdentityReference); dsec.ModifyAccessRule(AccessControlModification.RemoveAll,rule,out value); } } } /// <summary> /// 项目中用,文件夹只保留everyone权限,其中允许用户读,但不允许写 /// by the way,代码结果是给文件夹一个特殊权限,点进去高级看,会发现这个特殊权限的子项和写入权限的子项是一样的 /// </summary> /// <param name="dirName"></param> public static void OnlyKeepEveryonePermissionsWithWriteNotAllowed(string dirName) { DirectoryInfo dirinfo = new DirectoryInfo(dirName); DirectorySecurity objSecObj = dirinfo.GetAccessControl(); AuthorizationRuleCollection acl = objSecObj.GetAccessRules(true,true,typeof(System.Security.Principal.NTAccount)); objSecObj.SetAccessRuleProtection(true,false); //to remove inherited permissions foreach (FileSystemAccessRule ace in acl) //to remove any other permission { objSecObj.PurgeAccessRules(ace.IdentityReference); //same as use objSecObj.RemoveAccessRuleSpecific(ace); } InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit; FileSystemAccessRule everyoneFileSystemAccessRule = new FileSystemAccessRule("Everyone",FileSystemRights.ReadAndExecute | FileSystemRights.ListDirectory | FileSystemRights.Read,AccessControlType.Allow); FileSystemAccessRule everyoneFileSystemAccessRule2 = new FileSystemAccessRule("Everyone",FileSystemRights.Write,AccessControlType.Deny); bool isModified = false; objSecObj.ModifyAccessRule(AccessControlModification.Add,everyoneFileSystemAccessRule2,out isModified); objSecObj.ModifyAccessRule(AccessControlModification.Add,out isModified); dirinfo.SetAccessControl(objSecObj); } }
写入:
其实权限是一样的
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。
