SeBackupPrivilege,但无法读取所有文件

tag-icon tag-icon windows permissions file-permissions ntfs user-permissions
SeBackupPrivilege,但无法读取所有文件

我正在尝试读取与当前文件权限无关的完整目录。但即使我拥有“SeBackupPrivilege”,以下代码也会导致“UnauthorizedAccessException”。这是怎么回事?

//Create the test-directory.
string testPath = Path.Combine(Environment.CurrentDirectory, "TestDenied");
string filePath = Path.Combine(testPath, "Foo.txt");
Directory.CreateDirectory(testPath);
using (var fs = File.CreateText(filePath)) {
    fs.WriteLine("Foo");
}
var ds = Directory.GetAccessControl(testPath, Utils.AccessControlSectionsToRead);
ds.SetOwner(WindowsIdentity.GetCurrent().User);
ds.AddAccessRule((FileSystemAccessRule)ds.AccessRuleFactory(
    WindowsIdentity.GetCurrent().User,
    (int)FileSystemRights.FullControl,
    false,
    InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
    PropagationFlags.None,
    AccessControlType.Deny)
);
Directory.SetAccessControl(testPath, ds);

//Get the backup-privilege
WinAPI.ModifyPrivilege(PrivilegeName.SeBackupPrivilege, true);
//Checked the privilege on the command line here: The process has it.

//Try to access the forbidden file.
using (var fs = File.OpenRead(filePath)) {
    //UnauthorizedAccessException from the line above.
}

怎么会这样?我以为 SeBackupPrivilege 可以让我访问所有文件?

答案1

哈里指的是创建文件指的是FILE_FLAG_BACKUP_SEMANTICS。最后检查,没有任何 .Net 类公开此标志(可能是因为使用它并不常见)。

然而,对于那些有需要的人来说,总是有调用

相关内容