Unauthorized operation when setting ACL on a remote file/directory
【Title】: unauthorized operation when setting ACL on a remote file/directory 【Posted】: 2010-01-10 13:23:17 【Question】: Exact duplicate of: https://***.com/posts/2035107
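Trying to perform file delete and save operations at a remote location. It works fine when run as a console application, but fails when called from XP_CMDSHELL (SQL Server). Here is the exception when running from XP_CMDShell: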
[4804] System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
[4804] at System.Security.AccessControl.Win32.GetSecurityInfo(ResourceType resourceType, String name, SafeHandle handle, AccessControlSections accessControlSections, RawSecurityDescriptor& resultSd)
[4804] at System.Security.AccessControl.NativeObjectSecurity.CreateInternal(ResourceType resourceType, Boolean isContainer, String name, SafeHandle handle, AccessControlSections includeSections, Boolean createByName, ExceptionFromErrorCode exceptionFromErrorCode, Object exceptionContext)
[4804] at System.Security.AccessControl.FileSystemSecurity..ctor(Boolean isContainer, String name, AccessControlSections includeSections, Boolean isDirectory)
[4804] at System.Security.AccessControl.DirectorySecurity..ctor(String name, AccessControlSections includeSections)
[4804] at System.IO.DirectoryInfo.GetAccessControl(AccessControlSections includeSections)
[4804] at Excel.SetAcl(String filename, String account) in D:\SAABZX01D\dev\libraries\EXCEL\Class1.cs:line 228
[4804] at Excel.doKEStats(String baanId, String fromDate, String toDate) in D:\SAABZX01D\dev\libraries\EXCEL\Class1.cs:line 87
Here is the code:
using System.Security.AccessControl;

public static bool SetAcl(string filename, string account)
{
    // Rule granting the account full control
    FileSystemAccessRule rule = new FileSystemAccessRule(account, FileSystemRights.FullControl, AccessControlType.Allow);
    string path = System.IO.Directory.GetDirectoryRoot(filename);
    System.IO.DirectoryInfo di = new System.IO.DirectoryInfo(filename);
    bool what = false;
    // Read the current DACL, add the rule, and write it back
    DirectorySecurity security = di.GetAccessControl(AccessControlSections.Access);
    security.ModifyAccessRule(AccessControlModification.Add, rule, out what);
    di.SetAccessControl(security);
    return what;
}
【Answer 1】: The problem is that DirectoryInfo refers to the full path (including the file name). Here is the modified code:
using System.Security;
using System.Security.AccessControl;
using System.Security.Permissions;

public static bool SetAcl(string filename, string account)
{
    FileSystemAccessRule rule = new FileSystemAccessRule(account, FileSystemRights.Write, AccessControlType.Allow);
    // Assert code access security permissions for the file path
    PermissionSet fp = new PermissionSet(PermissionState.Unrestricted);
    fp.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, new string[] { filename }));
    fp.AddPermission(new FileIOPermission(FileIOPermissionAccess.Write | FileIOPermissionAccess.PathDiscovery, new string[] { filename }));
    fp.Assert();
    // Use the directory that contains the file, not the file path itself
    System.IO.DirectoryInfo di = new System.IO.DirectoryInfo(System.IO.Path.GetDirectoryName(filename));
    bool what = false;
    DirectorySecurity security = di.GetAccessControl();
    security.ModifyAccessRule(AccessControlModification.Add, rule, out what);
    di.SetAccessControl(security);
    return what;
}
【Answer 2】: Make sure the account running SQL Server has permission to perform that file operation.
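The two answers combined, as an added example that is not code from the original thread: it targets the file's parent directory, as in Answer 1, and logs the Windows identity the process actually runs as, which under xp_cmdshell is the SQL Server service or proxy account that Answer 2 refers to. The class and method names (AclDiagnostics, TryGrantWrite) are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

public static class AclDiagnostics
{
    // Hypothetical helper, not from the original post: grants `account` Write access on the
    // directory containing `filePath` and logs which Windows identity is doing the work.
    public static bool TryGrantWrite(string filePath, string account, TextWriter log)
    {
        // Under xp_cmdshell this is the SQL Server service (or proxy) account,
        // not the interactive user who ran the console application.
        string runningAs = WindowsIdentity.GetCurrent().Name;
        // ACL the parent directory, not the file path itself.
        string dirPath = Path.GetDirectoryName(Path.GetFullPath(filePath));
        log.WriteLine("Running as '{0}', target directory '{1}'", runningAs, dirPath);
        if (dirPath == null) return false; // filePath was a root such as \\server\share
        try
        {
            var di = new DirectoryInfo(dirPath);
            // Reading the DACL requires READ_CONTROL on the directory.
            DirectorySecurity security = di.GetAccessControl(AccessControlSections.Access);
            // Compare by SID so "user" and "DOMAIN\user" spellings match.
            var sid = (SecurityIdentifier)new NTAccount(account).Translate(typeof(SecurityIdentifier));
            foreach (FileSystemAccessRule r in security.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            {
                if (r.IdentityReference.Equals(sid) && r.AccessControlType == AccessControlType.Allow
                    && (r.FileSystemRights & FileSystemRights.Write) == FileSystemRights.Write)
                {
                    log.WriteLine("'{0}' already has Write; DACL left unchanged", account);
                    return true;
                }
            }
            // Least privilege: Write only, inherited by child files and directories.
            security.AddAccessRule(new FileSystemAccessRule(sid, FileSystemRights.Write,
                InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                PropagationFlags.None, AccessControlType.Allow));
            di.SetAccessControl(security); // requires WRITE_DAC on the directory
            return true;
        }
        catch (UnauthorizedAccessException ex)
        {
            log.WriteLine("Denied for '{0}' on '{1}': {2}", runningAs, dirPath, ex.Message);
            return false;
        }
    }
}
```

Comparing the logged identity between the console run and the xp_cmdshell run shows whether the failure comes from the account rather than the path.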