Solved

Apply NTFS Permissions to folders and sub-folders

Posted on 2011-09-30
3
754 Views
Last Modified: 2012-06-27
I am trying to have a folder with a username created with 2 subfolders.  I need to have the folder grant a specific user read-only access to the folder while still retaining the inherited permissions.  One of the subfolders need to grant the user Write access.  So the structure will look like this:

c:\ftp (not listed in ACL)
c:\ftp\username (ReadOnly)
c:\ftp\username\ToUser (readonly)
c:\ftp\username\FromUser (write)

Now, I've grabbed code from other posts and got it almost working.  The problem I have is the permissions are being applied correctly to the subfolders, but the user-named folder lists the user in the ACL, but they have no effective permissions.

Here is the code that calls the function:

AddDirectorySecurity((userDirectory), Me.AccountName.Text, FileSystemRights.ReadAndExecute, AccessControlType.Allow)

Open in new window


Then  here is the code for the function:

Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)

        ' Get a DirectorySecurity object that represents the current security settings.
        Dim dSecurity As DirectorySecurity = Directory.GetAccessControl(FileName)

        ' Add the FileSystemAccessRule to the security settings (**following is one line of code**).
        dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, (InheritanceFlags.ContainerInherit + InheritanceFlags.ObjectInherit), PropagationFlags.InheritOnly, ControlType))

        ' Set the new access settings.
        dSecurity.SetAccessRuleProtection(True, True)
        Directory.SetAccessControl(FileName, dSecurity)

Open in new window


I can't figure out why my top username folder isn't getting the accesspermissions set on them.
0
Comment
Question by:aagbo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 7

Accepted Solution

by:
vbigham earned 250 total points
ID: 36894468
I think this has to do with the flags you are using.  Have you tried experimenting with some different inheritance flags?

For example, I think I am getting the desired ACL properties with this console program:
 
Option Strict On


Imports System.Security.AccessControl
Imports System.IO


Module Module1

    Sub Main()
        Dim systemRoot As String = Path.GetPathRoot(Environment.GetFolderPath(Environment.SpecialFolder.Windows))
        Dim username As String = Environment.UserName
        Dim ftpRoot As String = Path.Combine(systemRoot, "ftp")

        Dim userFtpRoot As String = Path.Combine(ftpRoot, username)

        Dim userFtpTo As String = Path.Combine(userFtpRoot, "ToUser")
        Dim userFtpFrom As String = Path.Combine(userFtpRoot, "FromUser")

        If Not Directory.Exists(userFtpTo) Then
            Directory.CreateDirectory(userFtpTo)
        End If

        If Not Directory.Exists(userFtpFrom) Then
            Directory.CreateDirectory(userFtpFrom)
        End If

        AddDirectorySecurity(userFtpTo, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.None)
        AddDirectorySecurity(userFtpTo, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.NoPropagateInherit, InheritanceFlags.None)
        AddDirectorySecurity(userFtpTo, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.InheritOnly, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit)
        AddDirectorySecurity(userFtpTo, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.InheritOnly, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit)

        AddDirectorySecurity(userFtpFrom, username, FileSystemRights.ReadAndExecute Or FileSystemRights.Write, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.None)
        AddDirectorySecurity(userFtpFrom, username, FileSystemRights.ReadAndExecute Or FileSystemRights.Write, AccessControlType.Allow, PropagationFlags.InheritOnly, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit)

        AddDirectorySecurity(userFtpRoot, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)
        AddDirectorySecurity(userFtpRoot, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)

        AddDirectorySecurity(ftpRoot, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)
        AddDirectorySecurity(ftpRoot, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)
    End Sub



    Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType, ByVal PropFlags As PropagationFlags, ByVal InheritFlags As InheritanceFlags)
        ' Get a DirectorySecurity object that represents the current security settings.      '
        Dim dSecurity As DirectorySecurity = Directory.GetAccessControl(FileName)
        ' Add the FileSystemAccessRule to the security settings (**following is one line of code**).      '
        dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, InheritFlags, PropFlags, ControlType))
        ' Set the new access settings.      '
        dSecurity.SetAccessRuleProtection(True, True)
        Directory.SetAccessControl(FileName, dSecurity)
    End Sub

End Module

Open in new window

0
 

Author Comment

by:aagbo
ID: 36905966
That sort of works.  For some reason, the top of the "user" folder is only getting the "List Contents" permissions but the "ToUser" and "FromUser" are getting the correct permissions applied.
0
 

Author Closing Comment

by:aagbo
ID: 37006349
Worked perfectly.  Thank you.
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DataGridView / get bound table name? 8 47
Access/Visual Basic Question 3 47
VB.net VSTO Excel Ribbon error 4 24
Send SMS from vb.net desktop app 30 45
A while ago, I was working on a Windows Forms application and I needed a special label control with reflection (glass) effect to show some titles in a stylish way. I've always enjoyed working with graphics, but it's never too clever to re-invent …
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question