文件权限不继承目录权限

Posted

技术标签:

【中文标题】文件权限不继承目录权限【英文标题】:File permissions do not inherit directory permissions 【发布时间】:2010-12-04 15:47:59 【问题描述】:

我有一个程序正在为用户输出创建一个安全目录。这工作正常,但我在其中创建(或复制到其中)的文件最终只有管理员访问权限。

 DirectoryInfo outputDirectory =
            baseOutputDirectory.CreateSubdirectory(outputDirectoryName,
            GetDirectorySecurity(searchHits.Request.UserId));

 ...

private DirectorySecurity GetDirectorySecurity(string owner)

    const string LOG_SOURCE = "GetDirectorySecurity";
    DirectorySecurity ds = new DirectorySecurity();

    System.Security.Principal.NTAccount ownerAccount = 
        new System.Security.Principal.NTAccount(owner);

    ds.SetOwner(ownerAccount);

    ds.AddAccessRule(
        new FileSystemAccessRule(owner, 
        FileSystemRights.FullControl,
        AccessControlType.Allow));

    //AdminUsers is a List<string> that contains a list from configuration
    //  That represents the admins who should be allowed
    foreach (string adminUser in AdminUsers)
    
        ds.AddAccessRule(
            new FileSystemAccessRule(adminUser,
            FileSystemRights.FullControl,
            AccessControlType.Allow));
    
    return ds;


/// <summary>
/// This method copies any static supporting files, such as javascripts
/// </summary>
/// <param name="outputDirectory"></param>
private void CopySupportingFiles(DirectoryInfo outputDirectory)

    foreach (FileInfo file in SupportingFiles)
    
        file.CopyTo(
            Path.Combine(outputDirectory.FullName, file.Name));

等等等等等等。

我做错了什么?为什么权限没有级联?

【问题讨论】:

【参考方案1】:

看起来您应该在设置DirectorySecurity 时设置InheritanceFlagsPropagationFlags(我相信它会覆盖您手动设置的任何内容)。 

private DirectorySecurity GetDirectorySecurity(string owner)

    const string LOG_SOURCE = "GetDirectorySecurity";
    DirectorySecurity ds = new DirectorySecurity();

    System.Security.Principal.NTAccount ownerAccount =
        new System.Security.Principal.NTAccount(owner);

    ds.SetOwner(ownerAccount);

    ds.AddAccessRule(
        new FileSystemAccessRule(owner,
        FileSystemRights.FullControl,
        InheritanceFlags.ObjectInherit, 
        PropagationFlags.InheritOnly,
        AccessControlType.Allow));

    //AdminUsers is a List<string> that contains a list from configuration
    //  That represents the admins who should be allowed
    foreach (string adminUser in AdminUsers)
    
        ds.AddAccessRule(
            new FileSystemAccessRule(adminUser,
            FileSystemRights.FullControl,
            InheritanceFlags.ObjectInherit,
            PropagationFlags.InheritOnly,
            AccessControlType.Allow));
    
    return ds;

【讨论】:

说得有道理,斯科特,让我试试。

以上是关于文件权限不继承目录权限的主要内容,如果未能解决你的问题,请参考以下文章

特殊权限

File.Move 不从目标目录继承权限?

hdfs集群默认权限

文件访问控制列表

CS1:Server 2003 文件路径过长导致最末文件夹权限无法继承上层文件夹权限

linux快速修改文件夹及文件下所有文件与文件夹权限