Solved

Apply NTFS Permissions to folders and sub-folders

Posted on 2011-09-30
3
751 Views
Last Modified: 2012-06-27
I am trying to have a folder with a username created with 2 subfolders.  I need to have the folder grant a specific user read-only access to the folder while still retaining the inherited permissions.  One of the subfolders need to grant the user Write access.  So the structure will look like this:

c:\ftp (not listed in ACL)
c:\ftp\username (ReadOnly)
c:\ftp\username\ToUser (readonly)
c:\ftp\username\FromUser (write)

Now, I've grabbed code from other posts and got it almost working.  The problem I have is the permissions are being applied correctly to the subfolders, but the user-named folder lists the user in the ACL, but they have no effective permissions.

Here is the code that calls the function:

AddDirectorySecurity((userDirectory), Me.AccountName.Text, FileSystemRights.ReadAndExecute, AccessControlType.Allow)

Open in new window


Then  here is the code for the function:

Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)

        ' Get a DirectorySecurity object that represents the current security settings.
        Dim dSecurity As DirectorySecurity = Directory.GetAccessControl(FileName)

        ' Add the FileSystemAccessRule to the security settings (**following is one line of code**).
        dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, (InheritanceFlags.ContainerInherit + InheritanceFlags.ObjectInherit), PropagationFlags.InheritOnly, ControlType))

        ' Set the new access settings.
        dSecurity.SetAccessRuleProtection(True, True)
        Directory.SetAccessControl(FileName, dSecurity)

Open in new window


I can't figure out why my top username folder isn't getting the accesspermissions set on them.
0
Comment
Question by:aagbo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 7

Accepted Solution

by:
vbigham earned 250 total points
ID: 36894468
I think this has to do with the flags you are using.  Have you tried experimenting with some different inheritance flags?

For example, I think I am getting the desired ACL properties with this console program:
 
Option Strict On


Imports System.Security.AccessControl
Imports System.IO


Module Module1

    Sub Main()
        Dim systemRoot As String = Path.GetPathRoot(Environment.GetFolderPath(Environment.SpecialFolder.Windows))
        Dim username As String = Environment.UserName
        Dim ftpRoot As String = Path.Combine(systemRoot, "ftp")

        Dim userFtpRoot As String = Path.Combine(ftpRoot, username)

        Dim userFtpTo As String = Path.Combine(userFtpRoot, "ToUser")
        Dim userFtpFrom As String = Path.Combine(userFtpRoot, "FromUser")

        If Not Directory.Exists(userFtpTo) Then
            Directory.CreateDirectory(userFtpTo)
        End If

        If Not Directory.Exists(userFtpFrom) Then
            Directory.CreateDirectory(userFtpFrom)
        End If

        AddDirectorySecurity(userFtpTo, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.None)
        AddDirectorySecurity(userFtpTo, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.NoPropagateInherit, InheritanceFlags.None)
        AddDirectorySecurity(userFtpTo, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.InheritOnly, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit)
        AddDirectorySecurity(userFtpTo, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.InheritOnly, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit)

        AddDirectorySecurity(userFtpFrom, username, FileSystemRights.ReadAndExecute Or FileSystemRights.Write, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.None)
        AddDirectorySecurity(userFtpFrom, username, FileSystemRights.ReadAndExecute Or FileSystemRights.Write, AccessControlType.Allow, PropagationFlags.InheritOnly, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit)

        AddDirectorySecurity(userFtpRoot, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)
        AddDirectorySecurity(userFtpRoot, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)

        AddDirectorySecurity(ftpRoot, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)
        AddDirectorySecurity(ftpRoot, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)
    End Sub



    Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType, ByVal PropFlags As PropagationFlags, ByVal InheritFlags As InheritanceFlags)
        ' Get a DirectorySecurity object that represents the current security settings.      '
        Dim dSecurity As DirectorySecurity = Directory.GetAccessControl(FileName)
        ' Add the FileSystemAccessRule to the security settings (**following is one line of code**).      '
        dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, InheritFlags, PropFlags, ControlType))
        ' Set the new access settings.      '
        dSecurity.SetAccessRuleProtection(True, True)
        Directory.SetAccessControl(FileName, dSecurity)
    End Sub

End Module

Open in new window

0
 

Author Comment

by:aagbo
ID: 36905966
That sort of works.  For some reason, the top of the "user" folder is only getting the "List Contents" permissions but the "ToUser" and "FromUser" are getting the correct permissions applied.
0
 

Author Closing Comment

by:aagbo
ID: 37006349
Worked perfectly.  Thank you.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to create and use a custom WaterMark textbox class.  The custom WaterMark textbox class allows you to set the WaterMark Background Color and WaterMark text at design time.   IMAGE OF WATERMARKS STEPS Create VB …
The ECB site provides FX rates for major currencies since its inception in 1999 in the form of an XML feed. The files have the following format (reducted for brevity) (CODE) There are three files available HERE (http://www.ecb.europa.eu/stats/exch…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question