Search code examples
c#permissionsdirectory

Set permissions for directories/subdirectories/files

I want to be able to set the persmissions for subfolders and files inside a targeted folder for a specific user.

Up until now i found out how to set the permissions for a specific folder. But not for subfolders and files inside the original folder. After an extensive Internet search I could not find any clue on how to tackle this problem. Also, the Windows doku just shows how to set permissions for a directory only.

class DirectoryPermissions
{
    public static void DirectoryPermissionsMain(string Directory, string Account, string Rights, int Takeaway, string Domain)
    {
        try
        {
            string DirectoryName = Directory;

            Console.WriteLine("Adding access control entry for " + DirectoryName);
            if(Takeaway == 0 && Rights.Equals("Read")){
                AddDirectorySecurity(DirectoryName, Domain + @"\" + Account, FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Removing access control entry from " + DirectoryName);
            }
            
            MessageBox.Show("Done");

        }
        catch (Exception e)
        {
            Console.WriteLine(e);
        }

        Console.ReadLine();
    }

    // Adds an ACL entry on the specified directory for the specified account.
    public static void AddDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
    {
        // Create a new DirectoryInfo object.
        DirectoryInfo dInfo = new DirectoryInfo(FileName);

        // Get a DirectorySecurity object that represents the 
        // current security settings.
        DirectorySecurity dSecurity = dInfo.GetAccessControl();

        // Add the FileSystemAccessRule to the security settings. 
        dSecurity.AddAccessRule(new FileSystemAccessRule(Account,
                                                        Rights,
                                                        ControlType));

        // Set the new access settings.
        dInfo.SetAccessControl(dSecurity);

    }
}

I hope one of you can point me in the right direction.

Solution

  • You have to add another AccessRule with InheritanceFlags set to ContainerInherit AND ObjectInherit.

    To get the permissions to propgate to child folders, the PropagationFlag is set to Inherit only.

    Here's an example below

        public void PropogateSecurity(string userid,string directory)
    {

        var myDirectoryInfo = new DirectoryInfo(directory);
        var myDirectorySecurity = myDirectoryInfo.GetAccessControl();
        myDirectorySecurity.AddAccessRule(new FileSystemAccessRule(userid, FileSystemRights.Modify, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
        myDirectorySecurity.AddAccessRule(new FileSystemAccessRule(userid, FileSystemRights.Modify, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
        myDirectoryInfo.SetAccessControl(myDirectorySecurity);

    }

    You can also do this with recursion, but the above would be my preferred method as cleaning up permissions would be annoying.