Directory Security

Question

Hi, my app is creating a directory so I can store log files in if, however i'm adding a user security to the directory but i don't know how to make it propagate, example i'm adding the user everyone to the directory, read and write access, but when my app then stores a log file in it this directory the log file has not inherited the everyone security(read, write) what am i missing?

DirectorySecurity dirSec = Directory.GetAccessControl(_dbPath);
dirSec.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Allow));
dirSec.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.ReadAndExecute, AccessControlType.Allow));
dirSec.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.CreateFiles, AccessControlType.Allow));
Directory.SetAccessControl(_dbPath, dirSec);

Answer 1

In MSDN under the DirectorySecurity it has this line:

Use the FileSecurity class to retrieve, add, or change the access rules that represent the DACL and SACL of a file.

I think that is what you need to look at to change the ACL of a file...

MSDN Ref: http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.directorysecurity.aspx

Answer 2

You're almost there. The thing you're missing is the AuthorizationRule.InheritanceFlags flag - by default ACEs aren't inheritable, but if you add the InheritanceFlags attribute the ACEs will become inheritable.