Solved

Apply NTFS Permissions to folders and sub-folders

Posted on 2011-09-30
3
742 Views
Last Modified: 2012-06-27
I am trying to have a folder with a username created with 2 subfolders.  I need to have the folder grant a specific user read-only access to the folder while still retaining the inherited permissions.  One of the subfolders need to grant the user Write access.  So the structure will look like this:

c:\ftp (not listed in ACL)
c:\ftp\username (ReadOnly)
c:\ftp\username\ToUser (readonly)
c:\ftp\username\FromUser (write)

Now, I've grabbed code from other posts and got it almost working.  The problem I have is the permissions are being applied correctly to the subfolders, but the user-named folder lists the user in the ACL, but they have no effective permissions.

Here is the code that calls the function:

AddDirectorySecurity((userDirectory), Me.AccountName.Text, FileSystemRights.ReadAndExecute, AccessControlType.Allow)

Open in new window


Then  here is the code for the function:

Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)

        ' Get a DirectorySecurity object that represents the current security settings.
        Dim dSecurity As DirectorySecurity = Directory.GetAccessControl(FileName)

        ' Add the FileSystemAccessRule to the security settings (**following is one line of code**).
        dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, (InheritanceFlags.ContainerInherit + InheritanceFlags.ObjectInherit), PropagationFlags.InheritOnly, ControlType))

        ' Set the new access settings.
        dSecurity.SetAccessRuleProtection(True, True)
        Directory.SetAccessControl(FileName, dSecurity)

Open in new window


I can't figure out why my top username folder isn't getting the accesspermissions set on them.
0
Comment
Question by:aagbo
  • 2
3 Comments
 
LVL 7

Accepted Solution

by:
vbigham earned 250 total points
ID: 36894468
I think this has to do with the flags you are using.  Have you tried experimenting with some different inheritance flags?

For example, I think I am getting the desired ACL properties with this console program:
 
Option Strict On


Imports System.Security.AccessControl
Imports System.IO


Module Module1

    Sub Main()
        Dim systemRoot As String = Path.GetPathRoot(Environment.GetFolderPath(Environment.SpecialFolder.Windows))
        Dim username As String = Environment.UserName
        Dim ftpRoot As String = Path.Combine(systemRoot, "ftp")

        Dim userFtpRoot As String = Path.Combine(ftpRoot, username)

        Dim userFtpTo As String = Path.Combine(userFtpRoot, "ToUser")
        Dim userFtpFrom As String = Path.Combine(userFtpRoot, "FromUser")

        If Not Directory.Exists(userFtpTo) Then
            Directory.CreateDirectory(userFtpTo)
        End If

        If Not Directory.Exists(userFtpFrom) Then
            Directory.CreateDirectory(userFtpFrom)
        End If

        AddDirectorySecurity(userFtpTo, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.None)
        AddDirectorySecurity(userFtpTo, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.NoPropagateInherit, InheritanceFlags.None)
        AddDirectorySecurity(userFtpTo, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.InheritOnly, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit)
        AddDirectorySecurity(userFtpTo, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.InheritOnly, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit)

        AddDirectorySecurity(userFtpFrom, username, FileSystemRights.ReadAndExecute Or FileSystemRights.Write, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.None)
        AddDirectorySecurity(userFtpFrom, username, FileSystemRights.ReadAndExecute Or FileSystemRights.Write, AccessControlType.Allow, PropagationFlags.InheritOnly, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit)

        AddDirectorySecurity(userFtpRoot, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)
        AddDirectorySecurity(userFtpRoot, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)

        AddDirectorySecurity(ftpRoot, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)
        AddDirectorySecurity(ftpRoot, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)
    End Sub



    Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType, ByVal PropFlags As PropagationFlags, ByVal InheritFlags As InheritanceFlags)
        ' Get a DirectorySecurity object that represents the current security settings.      '
        Dim dSecurity As DirectorySecurity = Directory.GetAccessControl(FileName)
        ' Add the FileSystemAccessRule to the security settings (**following is one line of code**).      '
        dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, InheritFlags, PropFlags, ControlType))
        ' Set the new access settings.      '
        dSecurity.SetAccessRuleProtection(True, True)
        Directory.SetAccessControl(FileName, dSecurity)
    End Sub

End Module

Open in new window

0
 

Author Comment

by:aagbo
ID: 36905966
That sort of works.  For some reason, the top of the "user" folder is only getting the "List Contents" permissions but the "ToUser" and "FromUser" are getting the correct permissions applied.
0
 

Author Closing Comment

by:aagbo
ID: 37006349
Worked perfectly.  Thank you.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A while ago, I was working on a Windows Forms application and I needed a special label control with reflection (glass) effect to show some titles in a stylish way. I've always enjoyed working with graphics, but it's never too clever to re-invent …
Microsoft Reports are based on a report definition, which is an XML file that describes data and layout for the report, with a different extension. You can create a client-side report definition language (*.rdlc) file with Visual Studio, and build g…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now