How to modify file access control in .NET Core

问题

I'm trying to change the permissions of a file in .NET Core. However, it seems that FileInfo doesn't have any SetAccessControl anymore.

// Create a new FileInfo object.
FileInfo fInfo = new FileInfo(FileName);

// Get a FileSecurity object that represents the 
// current security settings.
FileSecurity fSecurity = fInfo.GetAccessControl();

// Add the FileSystemAccessRule to the security settings. 
fSecurity.AddAccessRule(new FileSystemAccessRule(Account,
                                                Rights,
                                                ControlType));

// Set the new access settings.
fInfo.SetAccessControl(fSecurity);

The goal is just to add execution right to the current owner of a file (which is not Windows or Unix specific feature).

Any clues on how to do that on .NET Core ?

回答1:

The FileSecurity class is now part of the System.IO.FileSystem.AccessControl package for .NET Core. There is no longer a File.GetAccessControl method so you will need to instanciate the FileSecurity instance yourself.

回答2:

At this time there are two extension methods: GetAccessControl and SetAccessControl, for FileInfo, DirectoryInfo and etc.

So you can use var ac = new FileInfo(path).GetAccessControl(), this expression is valid both in .NET Framework and .Net Core. But you still need dotnet add package System.IO.FileSystem.AccessControl.

File.GetAccessControl isn't available in .NET Core.

ref: https://docs.microsoft.com/dotnet/api/system.io.filesystemaclextensions.getaccesscontrol

回答3:

How to Get and modify User Group Other Rights on Windows

I finally implement the Windows file permission access:

1. Get the file security:

      var security = new FileSecurity(fileSystemInfoFullName, 
                AccessControlSections.Owner | 
                AccessControlSections.Group |
                AccessControlSections.Access);

2. Get the authorization rules:

var authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));

3. Get the authorization rules for the owner:

var owner = security.GetOwner(typeof(NTAccount));
foreach (AuthorizationRule rule in authorizationRules)
{
    FileSystemAccessRule fileRule = rule as FileSystemAccessRule;
    if (fileRule != null)
    {
        if (owner != null && fileRule.IdentityReference == owner)
        {
             if (fileRule.FileSystemRights.HasFlag(FileSystemRights.ExecuteFile) ||
                fileRule.FileSystemRights.HasFlag(FileSystemRights.ReadAndExecute) ||
                fileRule.FileSystemRights.HasFlag(FileSystemRights.FullControl))
            {
                ownerRights.IsExecutable = true;
            }
        }
        else if (group != null && fileRule.IdentityReference == group)
        {
            // TO BE CONTINUED...
        }
    }
}

4. Add a rule for owner:

security.ModifyAccessRule(AccessControlModification.Add,
    new FileSystemAccessRule(owner, FileSystemRights.Modify, AccessControlType.Allow),
    out bool modified);

5. Bonus

How to get the group and others, or ... my definition of something equivalent ?

var group = security.GetGroup(typeof(NTAccount));

var others = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null)
                 .Translate(typeof(NTAccount));

Note: This code comes from my open source project Lx.Shell

来源：https://stackoverflow.com/questions/40449973/how-to-modify-file-access-control-in-net-core