c#directorypermissionsactive-directoryfile-permissions
Apply this "folder only" permissions for AD Groups to a folder
I'm struggling a bit with folder permissions.
I want to basically add a AD group to a folder with modify access but then restrict it.
Problem is I couldn't figure out how to apply a permission to "this folder only"
The goal is to set the following restrictions to a main folder:
- deny delete subfolders
- deny delete
- deny change permissions
- deny take ownership
I found the AccessRule Class but I can't find any detail on how to do this with C#
Does anyone know how to do this?
Solution
I found a solution. Here is the code and the info:
//set params for all access sets
AccessControlType DenyAccess = AccessControlType.Deny;
AccessControlType AllowAccess = AccessControlType.Allow;
InheritanceFlags inheritFlag = InheritanceFlags.None;
InheritanceFlags inheritFlag2 = InheritanceFlags.ContainerInherit;
InheritanceFlags inheritFlag3 = InheritanceFlags.ObjectInherit;
PropagationFlags propagationFlags = PropagationFlags.None;
FileSystemRights access = FileSystemRights.ChangePermissions;
FileSystemRights access2 = FileSystemRights.Delete;
FileSystemRights access3 = FileSystemRights.TakeOwnership;
FileSystemRights access4 = FileSystemRights.DeleteSubdirectoriesAndFiles;
FileSystemRights ReadAccess = FileSystemRights.ReadAndExecute;
FileSystemRights ModifyAccess = FileSystemRights.Modify;
DirectoryInfo info = new DirectoryInfo(strPath);
DirectorySecurity security = info.GetAccessControl();
//set read right for group
NTAccount GroupRead = new NTAccount(StrDomain, strGroupRead);
security.AddAccessRule(new FileSystemAccessRule(GroupRead, ReadAccess, inheritFlag2, propagationFlags, AllowAccess));
security.AddAccessRule(new FileSystemAccessRule(GroupRead, ReadAccess, inheritFlag3, propagationFlags, AllowAccess));
//set Modify right for group
NTAccount GroupModify = new NTAccount(StrDomain, strGoupModify);
security.AddAccessRule(new FileSystemAccessRule(GroupModify, ModifyAccess, inheritFlag2, propagationFlags, AllowAccess));
security.AddAccessRule(new FileSystemAccessRule(GroupModify, ModifyAccess, inheritFlag3, propagationFlags, AllowAccess));
//set special right group
security.AddAccessRule(new FileSystemAccessRule(groupModify, access, inheritFlag, propagationFlags, DenyAccess)); //ChangePermission
security.AddAccessRule(new FileSystemAccessRule(groupModify, access2, inheritFlag, propagationFlags, DenyAccess)); //Delete
security.AddAccessRule(new FileSystemAccessRule(groupModify, access3, inheritFlag, propagationFlags, DenyAccess)); //Ownership
security.AddAccessRule(new FileSystemAccessRule(groupModify, access4, inheritFlag, propagationFlags, DenyAccess)); //Delete subfiles and folders
//add rights to folder
info.SetAccessControl(security);
This gives you a folder with a read and modify group and the modify group can't delete the main folder and also the members can't take ownership over it nor change the permissions on it.
cheers
- What is the scope of `fesetround()`?
- Which specific optimization flag causes libm functions to be treated as pure?
- How to render text in SDL2?
- Why would you use 'extern "C++"'?
- Strange Behavior Compiler Ignoring NULL Check Unless I Print Something in the if Statement
- Fast inverse square root using fixed point instead of floating point
- What is the const qualifier attached to in C: the memory area or the pointer?
- Is this declaration UB?
- GCC options for strictest C code?
- How to do an explicit fall-through in C
- How do compilers treat CONST qualifier when the pointer points to a memory location obtained with malloc()?
- C: cmocka headers - how to unittest?
- Why in C when I print a double with a one decimal it round it to the next number
- Android C to Java SWIG unable to compile: incompatible types: byte cannot be converted to SWIGTYPE_p_uint8_t
- GNU Make in Ubuntu giving fatal error: rpc/types.h: No such file or directory
- How can I exclude non-numeric keys? CS50 Caesar Pset2
- How change every struct in an array of pointers?
- Optimized 2x2 matrix multiplication: Slow assembly versus fast SIMD
- Simple frame by frame video decoder library
- GCC no longer implements <varargs.h>
- Contents of IO buffer unknown == unsafe?
- Avoiding strcpy overflow destination warning
- Sort program not working, not sure why
- Fast & accurate atan/arctan approximation algorithm
- What's the difference between strtok_r and strtok_s in C?
- How memory address for pointer to arrays is same as an element in 2D array?
- Which is the best way to suppress "unused variable" warning
- How to use ellipsis in c's case statement?
- Fast ceiling of an integer division in C / C++
- Is there an invalid pthread_t id?