我有 C# 代码(最后):
- 创建一个文件
- 打印当前 ACL
- 授予内置用户组对先前创建的文件的“写入权限”
- 打印当前修改的 ACL
如您在控制台输出中所见,写入权限已通过代码成功分配。
我的问题是:为什么文件的安全选项卡不反映用户组的权限更改?
C#代码:
var file = "sectest.txt";
File.WriteAllText(file, "File security test.");
var sid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
string strBuiltInUsersAccount = sid.Translate(typeof(NTAccount)).ToString();
FileSecurity fileSecurity = new FileSecurity(file,
AccessControlSections.Owner |
AccessControlSections.Group |
AccessControlSections.Access);
Console.WriteLine("AFTER CREATE:");
ShowSecurity(fileSecurity); // BUILTIN\Users group doesn't have Write permission
// short: give "builtin\users" write permissions
var fsAccessRule = new FileSystemAccessRule(strBuiltInUsersAccount,
FileSystemRights.Write,
AccessControlType.Allow);
fileSecurity.ModifyAccessRule(AccessControlModification.Add, fsAccessRule, out bool modified);
Console.WriteLine();
Console.WriteLine("AFTER MODIFY:");
ShowSecurity(fileSecurity); // BUILTIN\Users has Write permission
这只会修改 ACE 中的单一访问规则。然后需要将其保存到文件中。请参阅 File.SetAccessControl(文件路径,文件安全)
https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesecurity?view=net-7.0