Re: How can I control folder permissions when creating a folder
From: Steve Hiner (newsgroup.me.hates.spam_at_isiaz.com)
Date: Tue, 24 Aug 2004 17:12:05 -0700
I started playing with an ACL library but it seemed like massive overkill.
Can you explain why a new folder under All Users\Application Data wouldn't
give access to all users? I'd also like to know why it only happens
sometimes. I have 4 folders on my system created exactly the same way, two
have the same permissions as the parent folder, the other two limit access
to the creator and administrators.
I thought folders under All Users would always inherit permissions such that
everyone would have access to them.
My problem would be solved if I could find an ACL library that would let me
set "inherit from parent" right after I create the folder.
""Shawn Farkas"" <email@example.com> wrote in message
> Hi Steve,
> If you're using v1.1 or 1.0 of the framework, there is no built in ACL
solution, you'll need to find a third party ACL library. (I believe you'll
> able to find on on gotdotnet.com to help you out). For v2.0, we'll be
adding a new System.Security.AccessControl namespace and exposing
> methods on the various File, Directory, and Registry classes to allow
directly working with ACLs on your file system.
> This posting is provided "AS IS" with no warranties, and confers no
> Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
> >Date: Mon, 23 Aug 2004 15:33:39 -0700
> >From: "Steve Hiner (331841)" <firstname.lastname@example.org>
> >User-Agent: Mozilla Thunderbird 0.6 (Windows/20040502)
> >X-Accept-Language: en-us, en
> >MIME-Version: 1.0
> >Subject: How can I control folder permissions when creating a folder
> >Content-Type: text/plain; charset=us-ascii; format=flowed
> >Content-Transfer-Encoding: 7bit
> >Message-ID: <u9kOCFWiEHA.3876@TK2MSFTNGP12.phx.gbl>
> >Newsgroups: microsoft.public.dotnet.security
> >NNTP-Posting-Host: w146.z064220215.den-co.dsl.cnc.net 188.8.131.52
> >Lines: 1
> >Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.security:7212
> >X-Tomcat-NG: microsoft.public.dotnet.security
> >I have an application that stores data in the "All Users\Application
> >Data" folder. Unfortunately it often sets the security of the created
> >folder such that normal users can't write to the folder.
> >I thought All Users was by definition accessible to all users.
> >I can see that normal users have read/write access to:
> >All Users
> >All Users\Application Data
> >All Users\Application Data\My Application
> >But when I create:
> >All Users\Application Data\My Application\My Data
> >it sets up the security so only the owner or other Admins have write
> >access. Sometimes it denies read access as well.
> >The first time you run the application it has to write licensing info to
> >the "Program Files\My Application" directory so it has to be run by an
> >administrator. The unfortunate side-effect of that is that the data
> >folder is always created by an administrator so normal users get locked
> >out of it.
> >This isn't even consistent. I have a few different products within the
> >same product family. Some of them end up with permissions that allow
> >normal users to have access to the folder, others deny them access but
> >they all use the exact same Directory.CreateDirectory() call to create
> >the folder. The only difference I can think of is that the folders that
> >give read/write access have a space in the parent folder name.
> >Why doesn't my data folder inherit it's permissions from the parent
> >folder? Is there something I need to do to make it inherit? Of course,
> >I also need all the files in my data folder to inherit the permissions
> >of the parent folder.