9

My app is creating a directory so that I can store log files in it. I'm adding user security to the directory, but I don't know how to make it propagate. For example, I'm adding the user everyone to the directory, with read and write access, but when my app then creates a log file in this directory, the log file has not inherited the everyone security (read, write).

What am I missing?

DirectorySecurity dirSec = Directory.GetAccessControl(_dbPath);
dirSec.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Allow));
dirSec.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.ReadAndExecute, AccessControlType.Allow));
dirSec.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.CreateFiles, AccessControlType.Allow));
Directory.SetAccessControl(_dbPath, dirSec);
Pierre Arnaud
David
  • 1
    Beware that "Everyone" won't work if the system is not running in English, as this name is localized on other systems (e.g. "Tout le monde" on a French OS). See http://stackoverflow.com/questions/5298905/add-everyone-privilege-to-folder-using-c-net for a solution to that problem. – Pierre Arnaud Apr 19 '13 at 16:33

2 Answers

5

You're almost there. The thing you're missing is the AuthorizationRule.InheritanceFlags flag - by default ACEs aren't inheritable, but if you add the InheritanceFlags attribute the ACEs will become inheritable.

Larry Osterman
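
Added example (not part of the original answers): one way to apply the inheritance flags described above and confirm that a newly created log file picks up the ACE. The class name, method names and the temp-directory path are hypothetical; the "Everyone" group is referenced by its well-known SID so the code does not depend on the localized account name mentioned in the comment on the question.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class LogDirectoryAcl   // hypothetical helper, not from the original post
{
    // Adds an Allow ACE on the directory that subfolders and files inherit.
    public static void GrantInheritable(string path, SecurityIdentifier identity)
    {
        var dir = new DirectoryInfo(path);
        dir.Create();

        DirectorySecurity dirSec = dir.GetAccessControl();
        dirSec.AddAccessRule(new FileSystemAccessRule(
            identity,
            FileSystemRights.ReadAndExecute | FileSystemRights.Write,
            // Without these flags the ACE applies to the directory only.
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,
            AccessControlType.Allow));
        dir.SetAccessControl(dirSec);
    }

    // True if the file carries an inherited Allow ACE for the given SID.
    public static bool HasInheritedAllow(string filePath, SecurityIdentifier identity)
    {
        FileSecurity fileSec = new FileInfo(filePath).GetAccessControl();
        foreach (FileSystemAccessRule rule in
                 fileSec.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (rule.IsInherited
                && rule.AccessControlType == AccessControlType.Allow
                && rule.IdentityReference.Equals(identity))
                return true;
        }
        return false;
    }

    static void Main()
    {
        // Constructed demo path; replace with the application's log directory.
        string logDir = Path.Combine(Path.GetTempPath(), "acl-inherit-demo");
        // WorldSid is the language-independent SID for "Everyone". Pass a narrower
        // SID (a service account or group) if not every user needs to write the logs.
        var everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
        GrantInheritable(logDir, everyone);
        string logFile = Path.Combine(logDir, "app.log");
        File.WriteAllText(logFile, "first entry\n");
        Console.WriteLine("Inherited ACE present: " + HasInheritedAllow(logFile, everyone));
    }
}
```

On .NET Core and later, `GetAccessControl`/`SetAccessControl` on `DirectoryInfo` and `FileInfo` are extension methods from the System.IO.FileSystem.AccessControl package; on .NET Framework they are instance methods.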
0

In MSDN under the DirectorySecurity it has this line:

Use the FileSecurity class to retrieve, add, or change the access rules that represent the DACL and SACL of a file.

I think that is what you need to look at to change the ACL of a file...

MSDN Ref: http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.directorysecurity.aspx

Tony The Lion