How to programmatically change file security attributes so that any user can delete a file

I have a server written in C# that uses impersonation.

I would like to know how I can change the security attributes of a file so that any user can delete it.

My server impersonates the user and then creates a temporary file. Later I need to delete the file, but at this moment I no longer impersonate the user who created the file, and when an attempt is made to delete the file, an exception is thrown. My assumption is that while I am creating the file, I should be able to change the security attributes to allow any user to delete the file.

How can I do this (preferably C#, but P/Invoke will work too)?

I am currently using .NET 1.1, so you can evaluate a method that can be implemented in 1.1.

+3
2 answers

It looks like you want to use the System.IO.File.SetAccessControl method to add an ACL that gives the built-in Everyone group the ability to delete a file. The MSDN documentation has a decent example of adding and removing ACL entries in a file.

+4

Instead of letting everyone delete the file, why not add entries only for the people who need to delete the file? Based on your message, this will most likely be your user account and the creation process. By allowing literally everyone to delete the file, you may run into security problems in the future.

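    using System.IO;
    using System.Security.AccessControl;

    // Adds an explicit Allow ACE granting delete rights on the file
    // to a single named identity (account or group name).
    public static void AllowIdentityToDelete(FileInfo file, string identity)
    {
        var rule = new FileSystemAccessRule(
            identity,
            FileSystemRights.Delete | FileSystemRights.DeleteSubdirectoriesAndFiles,
            AccessControlType.Allow);

        // Read the current ACL, append the rule, and write the ACL back.
        var acls = file.GetAccessControl();
        acls.AddAccessRule(rule);
        file.SetAccessControl(acls);
    }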

You will need to pass the correct identification for this user.

+4
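
The two answers above, combined into one added example (not code from either answer): it grants Delete to a single SID and then audits the file's ACL for Allow entries that would let a broad group delete it. The class and method names are hypothetical, using the current process identity as the grantee is an assumption for the demo, and it assumes .NET Framework 2.0 or later, where System.Security.AccessControl is available.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class TempFileAcl   // hypothetical helper, not from the page
{
    // Grant only Delete to one SID, e.g. the account the server runs as
    // when it is no longer impersonating (assumption).
    public static void GrantDelete(FileInfo file, SecurityIdentifier sid)
    {
        FileSecurity acl = file.GetAccessControl();
        acl.AddAccessRule(new FileSystemAccessRule(
            sid, FileSystemRights.Delete, AccessControlType.Allow));
        file.SetAccessControl(acl);
    }

    // Audit: true if Everyone, Authenticated Users or BUILTIN\Users holds an
    // Allow ACE (explicit or inherited) whose rights include Delete.
    public static bool BroadGroupCanDelete(FileInfo file)
    {
        AuthorizationRuleCollection rules = file.GetAccessControl()
            .GetAccessRules(true, true, typeof(SecurityIdentifier));
        foreach (FileSystemAccessRule rule in rules)
        {
            var sid = (SecurityIdentifier)rule.IdentityReference;
            bool broad = sid.IsWellKnown(WellKnownSidType.WorldSid)
                      || sid.IsWellKnown(WellKnownSidType.AuthenticatedUserSid)
                      || sid.IsWellKnown(WellKnownSidType.BuiltinUsersSid);
            // FullControl and Modify both contain the Delete bit.
            if (broad && rule.AccessControlType == AccessControlType.Allow
                && (rule.FileSystemRights & FileSystemRights.Delete) != 0)
                return true;
        }
        return false;
    }

    static void Main()
    {
        var file = new FileInfo(Path.GetTempFileName());
        // Demo grantee: the identity this process is running as.
        SecurityIdentifier self = WindowsIdentity.GetCurrent().User;
        GrantDelete(file, self);
        Console.WriteLine("Broad delete ACE present: " + BroadGroupCanDelete(file));
        file.Delete();
    }
}
```

A Delete ACE on the file is not the only way a deletion is authorized: the "Delete subfolders and files" right on the parent directory also permits it, so the directory's ACL deserves the same audit.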

Source: https://habr.com/ru/post/1383191/

