Allow inheritable permissions form the parent to propagate...

From: Mark A. Richman (markarichman_at_gmail.com)
Date: 05/18/05 

Date: 18 May 2005 08:22:42 -0700

How do I turn this flag on from C#? I need to ensure files created in
the directory inherit that directory's ACL.

I am currently setting permissions like this:

ActiveDs.SecurityDescriptor sd = null;
ActiveDs.AccessControlEntryClass ace = null;

ADsSecurityUtilityClass asu = new ADsSecurityUtilityClass();
asu.SecurityMask = (int)(ADS_SECURITY_INFO_ENUM.ADS_SECURITY_INFO_OWNER
| ADS_SECURITY_INFO_ENUM.ADS_SECURITY_INFO_DACL);
sd = asu.GetSecurityDescriptor(folder,
(int)ADS_PATHTYPE_ENUM.ADS_PATH_FILE,
(int)ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID) as
ActiveDs.SecurityDescriptor;

AccessControlList dacl = sd.DiscretionaryAcl as AccessControlList;

if(dacl != null)
{
        ace = new AccessControlEntryClass();
        ace.Trustee = sid;
        ace.AccessMask = (int)perm; // FILE_ALL_ACCESS, FILE_GENERIC_READ,
etc. from winnt.h
        ace.AceType = (int)ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED;
        ace.AceFlags = 3; // This value (0x3) is undocumented in Iads.h, but
it works...go figure.
        dacl.AddAce(ace);
        sd.DiscretionaryAcl = dacl;

        asu.SetSecurityDescriptor(folder,
(int)ADS_PATHTYPE_ENUM.ADS_PATH_FILE, sd,
(int)ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);
}
return;

Thanks,
Mark

Quantcast