• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 776
  • Last Modified:

Apply NTFS Permissions to folders and sub-folders

I am trying to have a folder with a username created with 2 subfolders.  I need to have the folder grant a specific user read-only access to the folder while still retaining the inherited permissions.  One of the subfolders need to grant the user Write access.  So the structure will look like this:

c:\ftp (not listed in ACL)
c:\ftp\username (ReadOnly)
c:\ftp\username\ToUser (readonly)
c:\ftp\username\FromUser (write)

Now, I've grabbed code from other posts and got it almost working.  The problem I have is the permissions are being applied correctly to the subfolders, but the user-named folder lists the user in the ACL, but they have no effective permissions.

Here is the code that calls the function:

AddDirectorySecurity((userDirectory), Me.AccountName.Text, FileSystemRights.ReadAndExecute, AccessControlType.Allow)

Open in new window


Then  here is the code for the function:

Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)

        ' Get a DirectorySecurity object that represents the current security settings.
        Dim dSecurity As DirectorySecurity = Directory.GetAccessControl(FileName)

        ' Add the FileSystemAccessRule to the security settings (**following is one line of code**).
        dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, (InheritanceFlags.ContainerInherit + InheritanceFlags.ObjectInherit), PropagationFlags.InheritOnly, ControlType))

        ' Set the new access settings.
        dSecurity.SetAccessRuleProtection(True, True)
        Directory.SetAccessControl(FileName, dSecurity)

Open in new window


I can't figure out why my top username folder isn't getting the accesspermissions set on them.
0
aagbo
Asked:
aagbo
  • 2
1 Solution
 
vbighamCommented:
I think this has to do with the flags you are using.  Have you tried experimenting with some different inheritance flags?

For example, I think I am getting the desired ACL properties with this console program:
 
Option Strict On


Imports System.Security.AccessControl
Imports System.IO


Module Module1

    Sub Main()
        Dim systemRoot As String = Path.GetPathRoot(Environment.GetFolderPath(Environment.SpecialFolder.Windows))
        Dim username As String = Environment.UserName
        Dim ftpRoot As String = Path.Combine(systemRoot, "ftp")

        Dim userFtpRoot As String = Path.Combine(ftpRoot, username)

        Dim userFtpTo As String = Path.Combine(userFtpRoot, "ToUser")
        Dim userFtpFrom As String = Path.Combine(userFtpRoot, "FromUser")

        If Not Directory.Exists(userFtpTo) Then
            Directory.CreateDirectory(userFtpTo)
        End If

        If Not Directory.Exists(userFtpFrom) Then
            Directory.CreateDirectory(userFtpFrom)
        End If

        AddDirectorySecurity(userFtpTo, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.None)
        AddDirectorySecurity(userFtpTo, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.NoPropagateInherit, InheritanceFlags.None)
        AddDirectorySecurity(userFtpTo, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.InheritOnly, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit)
        AddDirectorySecurity(userFtpTo, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.InheritOnly, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit)

        AddDirectorySecurity(userFtpFrom, username, FileSystemRights.ReadAndExecute Or FileSystemRights.Write, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.None)
        AddDirectorySecurity(userFtpFrom, username, FileSystemRights.ReadAndExecute Or FileSystemRights.Write, AccessControlType.Allow, PropagationFlags.InheritOnly, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit)

        AddDirectorySecurity(userFtpRoot, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)
        AddDirectorySecurity(userFtpRoot, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)

        AddDirectorySecurity(ftpRoot, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)
        AddDirectorySecurity(ftpRoot, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)
    End Sub



    Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType, ByVal PropFlags As PropagationFlags, ByVal InheritFlags As InheritanceFlags)
        ' Get a DirectorySecurity object that represents the current security settings.      '
        Dim dSecurity As DirectorySecurity = Directory.GetAccessControl(FileName)
        ' Add the FileSystemAccessRule to the security settings (**following is one line of code**).      '
        dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, InheritFlags, PropFlags, ControlType))
        ' Set the new access settings.      '
        dSecurity.SetAccessRuleProtection(True, True)
        Directory.SetAccessControl(FileName, dSecurity)
    End Sub

End Module

Open in new window

0
 
aagboAuthor Commented:
That sort of works.  For some reason, the top of the "user" folder is only getting the "List Contents" permissions but the "ToUser" and "FromUser" are getting the correct permissions applied.
0
 
aagboAuthor Commented:
Worked perfectly.  Thank you.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now