Click here to Skip to main content
15,884,298 members
Search within:


File I/O permissions, the C# way
Please Sign up or sign in to vote.
4.50/5 (4 votes)
See more:
C#2.0
C#
Those interested in the why can have a look here[^].
For now, I wonder how to do the following:

During installation with administrative permissions, my software creates a directory within "Documents and Settings\All Users\Documents". Users shall save their projects there.

Normally, users are allowed to create their own files there but not to alter files created by another user. I want to allow users to change all files regardless of creator. This is what I derived from stackoverflow.com[^]
// Create a new DirectoryInfo object.
System.IO.DirectoryInfo dInfo = new System.IO.DirectoryInfo(dirName);

// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();

// Add the FileSystemAccessRule to the security settings.
dSecurity.AddAccessRule(
    new FileSystemAccessRule(
        new System.Security.Principal.NTAccount("UserGroupGoesHere"),
        FileSystemRights.DeleteSubdirectoriesAndFiles,
        AccessControlType.Allow
    )
);

// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
Maybe, I'll have to repeat permission adaption on every file create for the newly created file. But still the question stands: What is "UserGroupGoesHere" to substitute for? It shall represent all normal users, not excluding power users.

How do I get the name of the "users" user group on any given windows pc?
Posted
Add a Solution
Comments
Manfred Rudolf Bihy 13-Apr-11 9:13am    
Good question! 5+
This will most probably proove to be useful some time or the other. :)

6 solutions

I found this link on the MS support site which seems to contain relevant information: How to deal with localized and renamed user and group names[^].

Cheers!

-MRB
 
Share this answer
 
Posted
Comments
Nish Nishant 13-Apr-11 10:08am    
Voted 5, proposed as answer.
Manfred Rudolf Bihy 14-Apr-11 6:59am    
Thanks Nishant!
I believe the article I wrote here:

User Login For WinForm Applications[^]

will help you get the user group(s) the currently logged in user is a member of.
 
Share this answer
 
Posted
Right-click "My Computer", Click "Manage", then go to "Local Users and Groups", you'll see a list of Groups right there.

I suspect the group you want is simply called "Users".

Hope it helps.
 
Share this answer
 
Posted
Comments
lukeer 13-Apr-11 9:09am    
I can only guess that, on an english or american windows xp, that would be the case. On my pc, it's "Benutzer".

But what I need is to know the correct name on any computer. I still hope there is some emumeration or method that gives the correct name of the "users" group.
Manfred Rudolf Bihy 13-Apr-11 9:15am    
My guess is that it might even be the internal name as "Benutzer" and "User" are only localized descriptions off builtin accounts?
#realJSOP 13-Apr-11 10:43am    
I think he wants to retrieve that info programatically, which is possible - I've done it.
Here is a link you may want to have a look at[^]
 
Share this answer
 
Posted
I think I found it:
// Create a new DirectoryInfo object.
System.IO.DirectoryInfo dInfo = new System.IO.DirectoryInfo(
    "X:\\Somewhere\\MyDirectory"
);

// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();

// Add the FileSystemAccessRule to the security settings.
dSecurity.AddAccessRule(
    new FileSystemAccessRule(
        new System.Security.Principal.SecurityIdentifier(
            System.Security.Principal.WellKnownSidType.BuiltinUsersSid,
            null
        ),
        FileSystemRights.DeleteSubdirectoriesAndFiles,
        //FileSystemRights.FullControl,
        AccessControlType.Allow
    )
);

// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
The BuiltinUsersSid should make this work for all normal users (in some cases WorldSid could be helpful as "Everyone"). Of course, whoever executes that code has to have the right to change those permissions in order to succeed.

In my case I would call above code right after creating a directory. The caller would therefore be the owner. So he should be able to do whatever he wants.

I tried above code by creating two user accounts on my windows XP. As admin, I created a directory and run above code. Then, I created a file inside the directory.
As user1, I wasn't able to change the test file, but to delete it and create another one. As user2, I again couldn't change the new file, but delete it and create yet another one.

So DeleteSubdirectoriesAndFiles seems to cause just what you would expect from its name.
 
Share this answer
 
Posted
Comments
iceboy2009d 2-Dec-12 14:18pm    
how to change permission of deny to allow /
These changes do not;
and i see deny in permissions advanced;
C#
private static DirectorySecurity RemoveExplicitSecurity(DirectorySecurity directorySecurity)
{
    AuthorizationRuleCollection rules = directorySecurity.GetAccessRules(true, false, typeof(System.Security.Principal.NTAccount));
    foreach (FileSystemAccessRule rule in rules)
        directorySecurity.RemoveAccessRule(rule);
    return directorySecurity;
}
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
File I/O permissions
Fix makefile permissions in wsl
File I/O in C language
How do I fixe windows 10 permission probems.
Sql file permissions
Permission denied
web.config and permission
Error unzip my file in "C:\\Program Files (x86)" , No permissions
Administrative permission using batch file
Set Permission to a file using C#

Advertise
Privacy
Cookies
Terms of Use
Last Updated 2 Dec 2012
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900