我有 C# 代码(在最后):
- 创建文件
- 打印当前 ACL
- 授予内置用户组对先前创建的文件的“写权限”
- 打印当前修改的 ACL
正如您在控制台输出中看到的,写权限已通过代码成功分配。
我的问题是:为什么文件的安全选项卡没有反映用户组的权限更改?
C# 代码:
var file = "sectest.txt";
File.WriteAllText(file, "File security test.");
var sid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
string strBuiltInUsersAccount = sid.Translate(typeof(NTAccount)).ToString();
FileSecurity fileSecurity = new FileSecurity(file,
AccessControlSections.Owner |
AccessControlSections.Group |
AccessControlSections.Access);
Console.WriteLine("AFTER CREATE:");
ShowSecurity(fileSecurity); // BUILTIN\Users group doesn't have Write permission
// short: give "builtin\users" write permissions
var fsAccessRule = new FileSystemAccessRule(strBuiltInUsersAccount,
FileSystemRights.Write,
AccessControlType.Allow);
fileSecurity.ModifyAccessRule(AccessControlModification.Add, fsAccessRule, out bool modified);
Console.WriteLine();
Console.WriteLine("AFTER MODIFY:");
ShowSecurity(fileSecurity); // BUILTIN\Users has Write permission
答案1
这只会修改 ACE 中的单个访问规则。然后需要将其保留到文件中。请参阅 File.SetAccessControl(filePath, fileSecurity)
https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesecurity?view=net-7.0