why should I pass the `filename` to the `SetAccessControl` method?

StackOverflow https://stackoverflow.com/questions/19571779

  •  01-07-2022
  •  | 
  •  

I'm going to set the full access permission to a file (fileName). I found a code sample:

var security = IO.File.GetAccessControl(fileName);

security.AddAccessRule(new Security.AccessControl.FileSystemAccessRule(
    new SecurityIdentifier(WellKnownSidType.WorldSid, null),
    Security.AccessControl.FileSystemRights.FullControl,
    Security.AccessControl.AccessControlType.Allow));

IO.File.SetAccessControl(fileName, security);

It is working well but I don't understand why should I pass the filename to the SetAccessControl method (I already provided it in the first line)? I made a change to the code and see this is working too:

var security = IO.File.GetAccessControl(anotherFileName);

security.AddAccessRule(new Security.AccessControl.FileSystemAccessRule(
    new SecurityIdentifier(WellKnownSidType.WorldSid, null),
    Security.AccessControl.FileSystemRights.FullControl,
    Security.AccessControl.AccessControlType.Allow));

IO.File.SetAccessControl(fileName, security);

So what is the use of anotherFileName here?

有帮助吗?

解决方案

GetAccessControl will get the FileSecurity.

From MSDN:

Represents the access control and audit security for a file. [...] This class represents access and audit rights as a set of rules.

A FileSecurity is not dependent on a particular file, so you can use one FileSecurity on multiple files to set identical access and audit rights.

This is why you need to specify the filename.

An alternative would be to use the FileInfo class.

var fileInfo = new FileInfo(filename);
var security = fileInfo.GetAccessControl();
// [...]
fileInfo.SetAccessControl(security);

The constructors from MSDN:

FileSecurity()

Will create an empty FileSecurity object.

FileSecurity(String, AccessControlSections)

Creates an empty FileSecurity object from the specified file using the specified values of the AccessControlSections enumeration.

其他提示

Security information (ACL) is not tied to object, so you can get current value for one file and apply to any other file.

This is exactly the same as string name = person.Name - name is not tied to a person, just some property of one.

许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top