Vista Folder Permissions Question...

  • Question

  • I'm using a custom windows installer class in Visual Studio 2008 to create a folder to store application settings files that will be computer specific, not user specific in Windows Vista. Is there a way using something like the DirectorySecurity class below to force the propagation of assigned security rights to subfolders and files created underneath my target folder? What I have below creates the correct permissions on the folder, but in the advanced security setup for the target folder, it is marked as 'This folder only', and I would like it to be marked as 'This folder, subfolders and files'.

    Code Snippet

    Imports System
    Imports System.Diagnostics
    Imports System.IO
    Imports System.Security.AccessControl
    Imports System.Windows.Forms

    Public Class myInstaller

        ' Per-machine application data folder
        Private sysPath As String = System.Environment.GetFolderPath( _
            Environment.SpecialFolder.CommonApplicationData)

        Private appVendor As String = "MyCompany"
        Private appName As String = "MyApplication"
        Private appLog As String = "MyEventLogSource"

        Public Overrides Sub Install(ByVal stateSaver As System.Collections.IDictionary)
            Try
                MyBase.Install(stateSaver)
                EventLog.CreateEventSource(appLog, "Application")

                ' <CommonApplicationData>\MyCompany\MyApplication
                Dim target As String = Path.Combine(sysPath, _
                    Path.Combine(appVendor, appName))

                If Not System.IO.Directory.Exists(target) Then
                    ' Build the ACL and create the folder with it
                    Dim ds As DirectorySecurity = New DirectorySecurity
                    ds.AddAccessRule(New FileSystemAccessRule("BUILTIN\Users", _
                        FileSystemRights.FullControl, _
                        InheritanceFlags.ContainerInherit And InheritanceFlags.ObjectInherit, _
                        PropagationFlags.InheritOnly, _
                        AccessControlType.Allow))

                    System.IO.Directory.CreateDirectory(target, ds)
                End If
            Catch ex As Exception
                MessageBox.Show(ex.ToString, "Error performing installer tasks")
            End Try
        End Sub

        Public Overrides Sub Uninstall(ByVal savedState As System.Collections.IDictionary)
            Try
                MyBase.Uninstall(savedState)
                EventLog.DeleteEventSource(appLog)
            Catch ex As Exception
                MessageBox.Show(ex.ToString, "Error performing un-installer tasks")
            End Try
        End Sub

    End Class

    Friday, May 2, 2008 11:15 PM

Answers

  • This was actually easy to fix; I just needed to assign a new FileSystemAccessRule for each of the InheritanceFlags enumeration values. I also discovered it is better to create the folder and then assign the special permissions, otherwise the permissions that would be inherited from the parent folder are not applied to the new folder.

    Code Snippet

    Imports System
    Imports System.Diagnostics
    Imports System.IO
    Imports System.Security.AccessControl
    Imports System.Windows.Forms

    Public Class myInstaller

        ' Per-machine application data folder
        Private sysPath As String = System.Environment.GetFolderPath( _
            Environment.SpecialFolder.CommonApplicationData)

        Private appVendor As String = "MyCompany"
        Private appName As String = "MyApplication"
        Private appLog As String = "MyEventLogSource"

        Public Overrides Sub Install(ByVal stateSaver As System.Collections.IDictionary)
            Try
                MyBase.Install(stateSaver)
                EventLog.CreateEventSource(appLog, "Application")

                ' <CommonApplicationData>\MyCompany\MyApplication
                Dim target As String = Path.Combine(sysPath, _
                    Path.Combine(appVendor, appName))

                If Not System.IO.Directory.Exists(target) Then
                    ' One access rule for each InheritanceFlags value
                    Dim ds As DirectorySecurity = New DirectorySecurity
                    ds.AddAccessRule(New FileSystemAccessRule("BUILTIN\Users", _
                        FileSystemRights.FullControl, _
                        InheritanceFlags.ContainerInherit, _
                        PropagationFlags.InheritOnly, _
                        AccessControlType.Allow))
                    ds.AddAccessRule(New FileSystemAccessRule("BUILTIN\Users", _
                        FileSystemRights.FullControl, _
                        InheritanceFlags.None, _
                        PropagationFlags.InheritOnly, _
                        AccessControlType.Allow))
                    ds.AddAccessRule(New FileSystemAccessRule("BUILTIN\Users", _
                        FileSystemRights.FullControl, _
                        InheritanceFlags.ObjectInherit, _
                        PropagationFlags.InheritOnly, _
                        AccessControlType.Allow))

                    System.IO.Directory.CreateDirectory(target, ds)
                End If
            Catch ex As Exception
                MessageBox.Show(ex.ToString, "Error performing installer tasks")
            End Try
        End Sub

        Public Overrides Sub Uninstall(ByVal savedState As System.Collections.IDictionary)
            Try
                MyBase.Uninstall(savedState)
                EventLog.DeleteEventSource(appLog)
            Catch ex As Exception
                MessageBox.Show(ex.ToString, "Error performing un-installer tasks")
            End Try
        End Sub

    End Class

    Monday, May 19, 2008 3:39 PM

All replies

  • Unless the class is pretty smart and combines these ACEs into 1, it's going to result in a weird and inefficient ACL.

    I've never used this class but you should be able to condense this into one call:

    ds.AddAccessRule(New FileSystemAccessRule("BUILTIN\Users", _
        FileSystemRights.FullControl, _
        InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit, _
        PropagationFlags.None, _
        AccessControlType.Allow))

    I've also removed the InheritOnly flag because I bet it's not what you wanted to do (assuming you wanted these ACEs to apply to target).

    Friday, May 23, 2008 6:57 PM
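
Added example, not code from the thread or its posters: a .NET Framework sketch that follows the two points made above. It creates the folder before touching its ACL, adds a single ACE whose inheritance flags are combined with `Or`, then reads the ACL back to confirm the entry covers the folder, its subfolders and files. The module name, function names and the temp-directory path are assumptions made for the demo.

```vb
Imports System
Imports System.IO
Imports System.Security.AccessControl
Imports System.Security.Principal

Module AclInheritanceExample
    ' Creates the folder first so it keeps the ACEs inherited from its parent,
    ' then adds one explicit ACE for the folder, its subfolders and its files.
    Function CreateSharedFolder(ByVal target As String) As DirectorySecurity
        Directory.CreateDirectory(target)
        ' Well-known SID for BUILTIN\Users; independent of the localized name.
        Dim users As New SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, Nothing)
        Dim ds As DirectorySecurity = Directory.GetAccessControl(target)
        ds.AddAccessRule(New FileSystemAccessRule(users, _
            FileSystemRights.FullControl, _
            InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow))
        Directory.SetAccessControl(target, ds)
        Return Directory.GetAccessControl(target)
    End Function

    ' True when an explicit Allow ACE for sid covers folder, subfolders and files.
    Function AppliesToFolderSubfoldersAndFiles(ByVal ds As DirectorySecurity, _
            ByVal sid As SecurityIdentifier) As Boolean
        Dim both As InheritanceFlags = InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit
        For Each rule As FileSystemAccessRule In ds.GetAccessRules(True, False, GetType(SecurityIdentifier))
            If rule.IdentityReference.Equals(sid) AndAlso _
               rule.AccessControlType = AccessControlType.Allow AndAlso _
               rule.InheritanceFlags = both AndAlso _
               rule.PropagationFlags = PropagationFlags.None Then
                Return True
            End If
        Next
        Return False
    End Function

    Sub Main()
        ' Bitwise And of two distinct flag bits is 0, i.e. InheritanceFlags.None.
        Console.WriteLine(InheritanceFlags.ContainerInherit And InheritanceFlags.ObjectInherit)
        ' Constructed sample path under the temp directory (assumption for the demo).
        Dim target As String = Path.Combine(Path.GetTempPath(), "AclInheritanceDemo")
        Dim users As New SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, Nothing)
        Console.WriteLine(AppliesToFolderSubfoldersAndFiles(CreateSharedFolder(target), users))
    End Sub
End Module
```

FileSystemRights.FullControl is kept from the thread; it also lets every member of BUILTIN\Users change the folder's permissions and take ownership, and FileSystemRights.Modify is the narrower grant when users only need to read and write the settings files.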