Solved

Apply NTFS Permissions to folders and sub-folders

Posted on 2011-09-30
3
744 Views
Last Modified: 2012-06-27
I am trying to have a folder with a username created with 2 subfolders.  I need to have the folder grant a specific user read-only access to the folder while still retaining the inherited permissions.  One of the subfolders need to grant the user Write access.  So the structure will look like this:

c:\ftp (not listed in ACL)
c:\ftp\username (ReadOnly)
c:\ftp\username\ToUser (readonly)
c:\ftp\username\FromUser (write)

Now, I've grabbed code from other posts and got it almost working.  The problem I have is the permissions are being applied correctly to the subfolders, but the user-named folder lists the user in the ACL, but they have no effective permissions.

Here is the code that calls the function:

AddDirectorySecurity((userDirectory), Me.AccountName.Text, FileSystemRights.ReadAndExecute, AccessControlType.Allow)

Open in new window


Then  here is the code for the function:

Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)

        ' Get a DirectorySecurity object that represents the current security settings.
        Dim dSecurity As DirectorySecurity = Directory.GetAccessControl(FileName)

        ' Add the FileSystemAccessRule to the security settings (**following is one line of code**).
        dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, (InheritanceFlags.ContainerInherit + InheritanceFlags.ObjectInherit), PropagationFlags.InheritOnly, ControlType))

        ' Set the new access settings.
        dSecurity.SetAccessRuleProtection(True, True)
        Directory.SetAccessControl(FileName, dSecurity)

Open in new window


I can't figure out why my top username folder isn't getting the accesspermissions set on them.
0
Comment
Question by:aagbo
  • 2
3 Comments
 
LVL 7

Accepted Solution

by:
vbigham earned 250 total points
ID: 36894468
I think this has to do with the flags you are using.  Have you tried experimenting with some different inheritance flags?

For example, I think I am getting the desired ACL properties with this console program:
 
Option Strict On


Imports System.Security.AccessControl
Imports System.IO


Module Module1

    Sub Main()
        Dim systemRoot As String = Path.GetPathRoot(Environment.GetFolderPath(Environment.SpecialFolder.Windows))
        Dim username As String = Environment.UserName
        Dim ftpRoot As String = Path.Combine(systemRoot, "ftp")

        Dim userFtpRoot As String = Path.Combine(ftpRoot, username)

        Dim userFtpTo As String = Path.Combine(userFtpRoot, "ToUser")
        Dim userFtpFrom As String = Path.Combine(userFtpRoot, "FromUser")

        If Not Directory.Exists(userFtpTo) Then
            Directory.CreateDirectory(userFtpTo)
        End If

        If Not Directory.Exists(userFtpFrom) Then
            Directory.CreateDirectory(userFtpFrom)
        End If

        AddDirectorySecurity(userFtpTo, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.None)
        AddDirectorySecurity(userFtpTo, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.NoPropagateInherit, InheritanceFlags.None)
        AddDirectorySecurity(userFtpTo, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.InheritOnly, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit)
        AddDirectorySecurity(userFtpTo, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.InheritOnly, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit)

        AddDirectorySecurity(userFtpFrom, username, FileSystemRights.ReadAndExecute Or FileSystemRights.Write, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.None)
        AddDirectorySecurity(userFtpFrom, username, FileSystemRights.ReadAndExecute Or FileSystemRights.Write, AccessControlType.Allow, PropagationFlags.InheritOnly, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit)

        AddDirectorySecurity(userFtpRoot, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)
        AddDirectorySecurity(userFtpRoot, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)

        AddDirectorySecurity(ftpRoot, username, FileSystemRights.ReadAndExecute, AccessControlType.Allow, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)
        AddDirectorySecurity(ftpRoot, username, FileSystemRights.Write, AccessControlType.Deny, PropagationFlags.NoPropagateInherit, InheritanceFlags.ContainerInherit)
    End Sub



    Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType, ByVal PropFlags As PropagationFlags, ByVal InheritFlags As InheritanceFlags)
        ' Get a DirectorySecurity object that represents the current security settings.      '
        Dim dSecurity As DirectorySecurity = Directory.GetAccessControl(FileName)
        ' Add the FileSystemAccessRule to the security settings (**following is one line of code**).      '
        dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, InheritFlags, PropFlags, ControlType))
        ' Set the new access settings.      '
        dSecurity.SetAccessRuleProtection(True, True)
        Directory.SetAccessControl(FileName, dSecurity)
    End Sub

End Module

Open in new window

0
 

Author Comment

by:aagbo
ID: 36905966
That sort of works.  For some reason, the top of the "user" folder is only getting the "List Contents" permissions but the "ToUser" and "FromUser" are getting the correct permissions applied.
0
 

Author Closing Comment

by:aagbo
ID: 37006349
Worked perfectly.  Thank you.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This tutorial demonstrates one way to create an application that runs without any Forms but still has a GUI presence via an Icon in the System Tray. The magic lies in Inheriting from the ApplicationContext Class and passing that to Application.Ru…
1.0 - Introduction Converting Visual Basic 6.0 (VB6) to Visual Basic 2008+ (VB.NET). If ever there was a subject full of murkiness and bad decisions, it is this one!   The first problem seems to be that people considering this task of converting…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question