Re: Propagation of permissions


Sorry to reply to myself, but further work that I've done suggests I should add some more information.

We have a folder in which all user home and profile directories are created. For the purposes of this issue, all profile directories are created inside the home directories. The directories are created by a special user, which we'll call useradmin for the sake of this post. My application (a .NET remote object hosted by a service) runs as this user.

Obviously useradmin needs to have full permission on this root folder so that it can create the home and profile directories and set their permissions. Equally obviously, Everyone needs to have pass through permissions so that users can reach their home and profile directories.

In addition, there are two groups of admin users that need full permissions on the root and created folders (and all subsequent subfolders and files) - let's say 'helpdesk' and 'support'.

The final position that I want to arrive at is that the user for whom the home and profile directories are being created is the owner of the home and profile directories (and all subsequent subfolders and files), with full permissions on the created folders, subfolders and files; that the helpdesk and support users also have full permissions on the created folders and all sub-folders and files.

Pass-through rights for Everyone should stop at the root folder and not extend into any home and/or profile directories.

The useradmin's permissions should be revoked as soon as the position above has been satisfactorily created.

I've found that I can get the necessary permissions for the helpdesk and support user by doing:

dSecurity.SetAccessRuleProtection(false, false);

(I previously had dSecurity.SetAccessRuleProtection(true, false);)

Unfortunately, this means that Everyone and the useradmin user also get to inherit their permissions, giving them access to the home and profile directories.

I really am lost on this one, so if anyone can help, I'd be very grateful.



Peter Bradley wrote:

This must be a really simple thing, but I can't seem to find the right incantation...

I'm trying to set security permissions on a directory using .NET 2.0. What I'm trying to achieve is the equivalent of checking the, "Allow inheritable permissions to propagate to this object and all child objects..." check box on the Advanced Security Settings dialog. I've tried every setting for the PropagationFlags, but can't seem to find one that works. For example, I might have:

// Add the FileSystemAccessRules to the security settings.
dSecurity.AddAccessRule(new FileSystemAccessRule(sid,
FileSystemRights.FullControl, InheritanceFlags.ContainerInherit |
InheritanceFlags.ObjectInherit, PropagationFlags.None,

Sorry if I'm just too thick to see something that's staring me in the face.

Is there a decent reference for this? I couldn't find anything on the Web - but perhaps my Google-foo has deserted me.



Relevant Pages

  • Re: Permissions Problem
    ... It was the permissions on the share not the security settings, ... This folder is mapped properly whenever ... > to the base and the sub folder and setting to full control but this does ...
  • Setting directory permissions (.NET)
    ... I have a requirement to set, programmatically, permissions on users' home and profile directories when they are created. ... I want to programmatically set this property for each user with permissions on the folder to "This folder, subfolders and files". ...
  • Re: access denied "permissions"
    ... favorites & cookies folder. ... and then reapply the permissions and security settings that you ... Right-click the folder that you want to take ownership of, ...
  • Re: access denied "permissions"
    ... How to set, view, change, or remove file and folder permissions in Windows ... and then reapply the permissions and security settings that you ... Right-click the folder that you want to take ownership of, ...
  • RE: Hiding Security Setting Folder
    ... You can't hide the folder. ... unfortunately by design of the Outlook Security Settings feature. ... reviewer permissions to this folders so they could read the attributes. ...