79

I have used the code below to allow Everyone access to a folder:

System.Security.AccessControl.DirectorySecurity sec =
    System.IO.Directory.GetAccessControl(directory, AccessControlSections.All);
FileSystemAccessRule accRule = new FileSystemAccessRule("Everyone",
                                       FileSystemRights.Modify,
                                       AccessControlType.Allow);
sec.AddAccessRule(accRule);    // setACL
sec.ResetAccessRule(accRule);

Now, the Everyone user is added to the folder, but not with any rights assigned. All the read, write, execute etc. checkboxes are not checked.

Andrei Prigorshnev
  • 588
  • 5
  • 14
Suresh Chaudhary
  • 1,609
  • 5
  • 25
  • 40
  • are you missing a SetAccessControl call? http://msdn.microsoft.com/en-us/library/w7a2he6c.aspx?appId=Dev10IDEF1&l=EN-US&k=k(SYSTEM.IO.DIRECTORY.GETACCESSCONTROL);k(TargetFrameworkMoniker-%22.NETFRAMEWORK&k=VERSION=V4.0%22);k(DevLang-CSHARP)&rd=true – Massif Mar 14 '11 at 13:15
  • i did that but still the right checkbox are not checked. – Suresh Chaudhary Mar 14 '11 at 13:27
  • Note that AccessControlSections.All usually requires administrator privileges, otherwise you may get an exception with this message: "The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation." Since you are changing access rules (not audit), use AccessControlSections.Access. – tachylatus Jun 23 '17 at 15:04

3 Answers3

144

First thing I want to tell you is how I found this solution. This is probably more important than the answer because file permissions are hard to get correct.

First thing I did was set the permissions I wanted using the Windows dialogs and checkboxes. I added a rule for "Everyone" and ticked all boxes except "Full Control".

Then I wrote this C# code to tell me exactly what parameters I need to duplicate the Windows settings:

string path = @"C:\Users\you\Desktop\perms"; // path to directory whose settings you have already correctly configured
DirectorySecurity sec = Directory.GetAccessControl(path);
foreach (FileSystemAccessRule acr in sec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount))) {
    Console.WriteLine("{0} | {1} | {2} | {3} | {4}", acr.IdentityReference.Value, acr.FileSystemRights, acr.InheritanceFlags, acr.PropagationFlags, acr.AccessControlType);
}

This gave me this line of output:

Everyone | Modify, Synchronize | ContainerInherit, ObjectInherit | None | Allow

So the solution is simple (yet hard to get right if you don't know what to look for!):

DirectorySecurity sec = Directory.GetAccessControl(path);
// Using this instead of the "Everyone" string means we work on non-English systems.
SecurityIdentifier everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
sec.AddAccessRule(new FileSystemAccessRule(everyone, FileSystemRights.Modify | FileSystemRights.Synchronize, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
Directory.SetAccessControl(path, sec);

This will make the checkboxes on the Windows security dialog match what you have already set for your test directory.

nawfal
  • 70,104
  • 56
  • 326
  • 368
Yoshi
  • 3,325
  • 1
  • 19
  • 24
  • 45
    Note that "Everyone" will not work on non-english versions of windows. Instead you should use `System.Security.Principal.WellKnownSidType.WorldSid`. – Rory Jun 22 '11 at 15:36
  • @Rory: thank you for this - because it didn't work with "everyone" for me (on a German Windows 2008 Server) - but with WellKnownSidType it worked perfectly – bernhardrusch Apr 03 '13 at 06:35
  • I recommend running this code inside a background worker and set a picturebox preloader gif. Because if folder has many files/sub-folders that could take a while before the permissions are changed. And the background worker runs that task in another thread to prevent your form from freezing. – MrJack Mcfreder Aug 31 '18 at 10:24
  • GetAccessControl(path) is not found for Directory. Anyone got the same error? – anhtv13 Sep 25 '19 at 08:43
  • @anhtv13 make sure you have `using System.IO;` at the top of your file and your project is targeting the .NET framework (not .NET core). – Yoshi Sep 26 '19 at 02:54
  • My project is .Net core, is there any way to grant permission for .Net core project? – anhtv13 Sep 26 '19 at 02:59
  • @anhtv13 perhaps this will help: https://stackoverflow.com/questions/40449973/how-to-modify-file-access-control-in-net-core – Yoshi Sep 26 '19 at 03:40
17

The below code checks for the folder existence, if not created, creates one. And then sets every user- permission of that folder with full permission (read & write).

string file = @"D:\Richi";     
private static void GrantAccess(string file)
            {
                bool exists = System.IO.Directory.Exists(file);
                if (!exists)
                {
                    DirectoryInfo di = System.IO.Directory.CreateDirectory(file);
                    Console.WriteLine("The Folder is created Sucessfully");
                }
                else
                {
                    Console.WriteLine("The Folder already exists");
                }
                DirectoryInfo dInfo = new DirectoryInfo(file);
                DirectorySecurity dSecurity = dInfo.GetAccessControl();
                dSecurity.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInherit, AccessControlType.Allow));
                dInfo.SetAccessControl(dSecurity);

            }
Richendra kumar ravi
  • 505
  • 6
  • 13
  • 3
    For anyone using this, just be aware that `FileSystemRights.FullControl` allows anyone to change the permissions and ownership of that file. `FileSystemRights.Modify` does not and is safer. See http://www.mdmarra.com/2013/11/full-control-v-modify-why-you-should-be.html for more info. – Yoshi Feb 01 '17 at 06:54
  • This solution (unlike the accepted answer) works in .net Core/.net 5/.net 6! – Daniel Elkington Oct 06 '22 at 03:52
4

use FileSystemRights.FullControl instead of FileSystemRights.Modify if you want to allow all actions (ACL).

nawfal
  • 70,104
  • 56
  • 326
  • 368
Simon Smeets
  • 581
  • 6
  • 17