How to reset and delete ACL permissions for account?


Posted: 2017-04-14 07:40:22

Question:

OS: Windows 7 SP1 x64

I set ACL permissions on my folder for some account:

var accessRule = new FileSystemAccessRule(account,
    fileSystemRights: FileSystemRights.Modify,
    inheritanceFlags: InheritanceFlags.ContainerInherit |
    InheritanceFlags.ObjectInherit,
    propagationFlags: PropagationFlags.None,
    type: AccessControlType.Allow);

// Get a DirectorySecurity object that represents the 
// current security settings.
DirectorySecurity dSecurity = directoryinfo.GetAccessControl();

// Add the FileSystemAccessRule to the security settings.
dSecurity.AddAccessRule(accessRule);

// Set the new access settings.
directoryinfo.SetAccessControl(dSecurity);

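In this case I allow the account to read and write. It works fine.

But later I want to change the permissions for that account: allow read-only access. I use code like this: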

var accessRule = new FileSystemAccessRule(account,
    fileSystemRights: FileSystemRights.ReadAndExecute,
    inheritanceFlags: InheritanceFlags.ContainerInherit |
    InheritanceFlags.ObjectInherit,
    propagationFlags: PropagationFlags.None,
    type: AccessControlType.Allow);

// Get a DirectorySecurity object that represents the 
// current security settings.
DirectorySecurity dSecurity = directoryinfo.GetAccessControl();

// Add the FileSystemAccessRule to the security settings.
dSecurity.AddAccessRule(accessRule);

// Set the new access settings.
directoryinfo.SetAccessControl(dSecurity);

But the account still has write permission. How can I fix this? Also, how can I remove the account's ACL permissions later when I want to?

Comments:

There are various aptly named ones in DirectorySecurity (ResetAccessRule, RemoveAccessRule)... I would start from there...

Answer 1:

It's easy:

dSecurity = directoryinfo.GetAccessControl();

accessRule = new FileSystemAccessRule(account,
    fileSystemRights: FileSystemRights.ReadAndExecute,
    inheritanceFlags: InheritanceFlags.ContainerInherit |
    InheritanceFlags.ObjectInherit,
    propagationFlags: PropagationFlags.None,
    type: AccessControlType.Allow);

dSecurity.SetAccessRule(accessRule);
directoryinfo.SetAccessControl(dSecurity);

And to remove:

dSecurity = directoryinfo.GetAccessControl();

accessRule = new FileSystemAccessRule(account, 0, 0);
dSecurity.RemoveAccessRuleAll(accessRule);
directoryinfo.SetAccessControl(dSecurity);

Note that SetAccessRule works even if account does not already have an access rule (so it can even be used to do the initial Add).
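The difference between AddAccessRule, SetAccessRule and RemoveAccessRuleAll, as an added example that is not part of the original answer: it reads back the explicit Allow rights for an account after each call, so the change can be verified rather than assumed. The temp folder, the use of BUILTIN\Users as the account, and the helper names ExplicitAllow and Allow are assumptions made for the illustration; it must run on Windows.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclResetDemo
{
    const InheritanceFlags Inherit = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;

    // Union of the explicit (non-inherited) Allow rights granted to 'sid' on the folder.
    static FileSystemRights ExplicitAllow(DirectoryInfo dir, SecurityIdentifier sid) =>
        dir.GetAccessControl()
           .GetAccessRules(true, false, typeof(SecurityIdentifier)) // explicit only
           .Cast<FileSystemAccessRule>()
           .Where(r => r.IdentityReference.Equals(sid)
                    && r.AccessControlType == AccessControlType.Allow)
           .Aggregate((FileSystemRights)0, (acc, r) => acc | r.FileSystemRights);

    // Hypothetical helper: builds an Allow rule with the same flags the question uses.
    static FileSystemAccessRule Allow(SecurityIdentifier sid, FileSystemRights rights) =>
        new FileSystemAccessRule(sid, rights, Inherit, PropagationFlags.None, AccessControlType.Allow);

    static void Main()
    {
        // Constructed test folder and account (BUILTIN\Users); no real data is touched.
        var dir = Directory.CreateDirectory(
            Path.Combine(Path.GetTempPath(), "acl-demo-" + Guid.NewGuid().ToString("N")));
        var sid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);

        // The question's approach: a second Add merges with the first, so Modify survives.
        DirectorySecurity sec = dir.GetAccessControl();
        sec.AddAccessRule(Allow(sid, FileSystemRights.Modify));
        sec.AddAccessRule(Allow(sid, FileSystemRights.ReadAndExecute));
        dir.SetAccessControl(sec);
        Console.WriteLine("After Add + Add: " + ExplicitAllow(dir, sid));

        // The answer's approach: Set replaces every explicit Allow rule for the account.
        sec = dir.GetAccessControl();
        sec.SetAccessRule(Allow(sid, FileSystemRights.ReadAndExecute));
        dir.SetAccessControl(sec);
        Console.WriteLine("After Set:       " + ExplicitAllow(dir, sid));

        // Removal matches on account and rule type only; the rights in the rule are ignored.
        sec = dir.GetAccessControl();
        sec.RemoveAccessRuleAll(Allow(sid, FileSystemRights.ReadAndExecute));
        dir.SetAccessControl(sec);
        Console.WriteLine("After RemoveAll: " + ExplicitAllow(dir, sid));
        dir.Delete();
    }
}
```

These calls change only the explicit rules on the folder itself. Rights the account inherits from a parent folder or holds through group membership are untouched and need to be reviewed separately.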
