问题
Using the .NET FileSystemWatcher http://msdn.microsoft.com/en-us/library/system.io.filesystemwatcher.aspx to monitor a directory full of files for : Changed; Created; Deleted; Renamed events .
What's the minimum the rights the Account running the FileSystemWatcher needs over the directory it's watching ?
It seems like it would be READ but I can't find that documented anywhere.
Thanks
回答1:
The underlying API is ReadDirectoryChangesW. The only thing mentioned in the MSDN Library article for it is that the FILE_LIST_DIRECTORY access right is required on the directory handle and the directory needs to be opened with the FILE_FLAG_BACKUP_SEMANTICS option.
The .NET framework code is often helpful. The private FileSystemWatcher.StartRaisingEvents() method uses this code to open the directory handle:
directoryHandle = NativeMethods.CreateFile(
directory, // Directory name
UnsafeNativeMethods.FILE_LIST_DIRECTORY, // access (read-write) mode
UnsafeNativeMethods.FILE_SHARE_READ |
UnsafeNativeMethods.FILE_SHARE_DELETE |
UnsafeNativeMethods.FILE_SHARE_WRITE, // share mode
null, // security descriptor
UnsafeNativeMethods.OPEN_EXISTING, // how to create
UnsafeNativeMethods.FILE_FLAG_BACKUP_SEMANTICS |
UnsafeNativeMethods.FILE_FLAG_OVERLAPPED, // file attributes
new SafeFileHandle(IntPtr.Zero, false)); // file with attributes to copy
Use FILE_FLAG_OVERLAPPED only for asynchronous notifications.
回答2:
If the FileSystemWatcher is based on ReadDirectoryChangesW it needs:
- FILE_LIST_DIRECTORY on the directory to be monitored
- The privilege SeBackupPrivilege which allows the holder to read anything while bypassing access checks. The indication for this is the flag FILE_FLAG_BACKUP_SEMANTICS to CreateFile.
This is documented in the description of ReadDirectoryChangesW linked above.
来源:https://stackoverflow.com/questions/3974004/filesystemwatcher-minimum-permissions-needed-on-target-directories