The tool I develop needs to grant access rights "Full Control" to a file created by it. It needs to be read, modified and deleted from all windows accounts and even possible future accounts. Could this be achieved?
I know I can try this for a SPECIFIC_USER:
FileSystemAccessRule rule = new FileSystemAccessRule(SPECIFIC_USER, FileSystemRights.FullControl, AccessControlType.Allow);
FileSecurity fSecurity = File.GetAccessControl(filePath);
fSecurity.SetAccessRule(rule);
File.SetAccessControl(filePath, fSecurity);
But how do I grant it to all users? And even possible future accounts? If the latter part is not possible, how to go about the first requirement?
Thanks.
EDIT:
This is the code which worked for me. Taken from the answerer's link.
private bool GrantAccess(string fullPath)
{
DirectoryInfo dInfo = new DirectoryInfo(fullPath);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
dSecurity.AddAccessRule(new FileSystemAccessRule(
new SecurityIdentifier(WellKnownSidType.WorldSid, null),
FileSystemRights.FullControl,
InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit,
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow));
dInfo.SetAccessControl(dSecurity);
return true;
}
Note the PropagationFlags.NoPropagateInherit
which is required (mentioned towards the last in the link). It does grant privilege to even future accounts.
Note to people using this.
When using literal strings for the FileSystemAccessRule
, it should be WellKnownSidType.WorldSid
instead of "everyone"
.
The reason is because there are multiple Window languages and Everyone only applies to EN ones, so for Spanish, it might be "Todos" (or something else).
using System.Security.AccessControl;
using System.Security.Principal;
using System.IO;
private void GrantAccess(string fullPath)
{
DirectoryInfo dInfo = new DirectoryInfo(fullPath);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
dSecurity.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInherit, AccessControlType.Allow));
dInfo.SetAccessControl(dSecurity);
}