File permission audit

  • balabaster
    Recognized Expert Contributor
    • Mar 2007
    • 798

    File permission audit

    I'm trying to write a quick recursive function to iterate through a folder tree and list off the owner and file permissions of each of the files... can someone point me in the direction of where to start. I can handle the recursion over the folder tree without any headaches... it's when it comes to reading the file permissions that I'm coming unstuck.

    So far I've checked out the File.GetAccessControl method but from what I've read so far it appears to point to a bitmask of permissions - normally this wouldn't be an issue but I can't find any information on the constants that are used for the bitmask.
  • tlhintoq
    Recognized Expert Specialist
    • Mar 2008
    • 3532

    #2
    By 'permissions' do you mean 'attributes' such as hidden, read-only etc.?

    Code:
    using System.IO;

    // Returns true when the file has the Hidden attribute set.
    public static bool IsHidden(string FilePath)
    {
        return (File.GetAttributes(FilePath) & FileAttributes.Hidden) == FileAttributes.Hidden;
    }

    I did run across this for setting Access Control. Perhaps it can help point you toward reading Access Control if that was more your intent.

    Code:
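    using System.IO;
    using System.Security.AccessControl;

    public static void setAccessRule ( string directory )
    {
        // Read the directory's current security descriptor.
        DirectorySecurity sec = Directory.GetAccessControl ( directory );
        // Globals.userIdentity is not defined in this snippet.
        FileSystemAccessRule accRule = new FileSystemAccessRule ( Globals.userIdentity,
             FileSystemRights.FullControl, AccessControlType.Allow );
        sec.AddAccessRule ( accRule );
        // Write the modified descriptor back; without this the new rule is never applied.
        Directory.SetAccessControl ( directory, sec );
    }                                               // setACL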

    Comment

    • balabaster
      Recognized Expert Contributor
      • Mar 2007
      • 798

      #3
      Nah, the basic attributes are a walk in the park, I can do all that without any problems. What I'm really after is a list of the security principals that have access to the file and what level of access they have.

      For example:
      BAlabaster is the file owner
      Domain Users has read/execute
      Power Users have read/write/execute
      Domain Admins have read/write/execute/delete

      I've found a bunch of information regarding how to set this stuff if you know the principal and I guess if I have a principal I can check access without too many problems i.e. I can tell if BAlabaster has read or write access to a file...

      But I can't get a list of all user groups that have access to a given file and what their permissions are for the file - kind of backwards from everything that the documentation seems to target...

      Comment

      • tlhintoq
        Recognized Expert Specialist
        • Mar 2008
        • 3532

        #4
        Ah - Now I understand. I don't have an answer... but that just makes me more curious. Guess we'll have to see who meets back here first with a way to do it.

        Comment

        • PRR
          Recognized Expert Contributor
          • Dec 2007
          • 750

          #5
          Originally posted by balabaster
          I'm trying to write a quick recursive function to iterate through a folder tree and list off the owner and file permissions of each of the files... can someone point me in the direction of where to start. I can handle the recursion over the folder tree without any headaches... it's when it comes to reading the file permissions that I'm coming unstuck.

          So far I've checked out the File.GetAccessControl method but from what I've read so far it appears to point to a bitmask of permissions - normally this wouldn't be an issue but I can't find any information on the constants that are used for the bitmask.

          try this

          Code:
          using System;
          using System.IO;
          using System.Security.AccessControl;
          using System.Security.Principal;

          public void Chec(string fileName)
          {
              FileSecurity fileSec = File.GetAccessControl(fileName);
              // Explicit and inherited rules, with identities shown as DOMAIN\name.
              AuthorizationRuleCollection acl = fileSec.GetAccessRules(
                  true, true, typeof(NTAccount));

              foreach (FileSystemAccessRule i in acl)
              {
                  Console.WriteLine("------------------------------------------------");
                  // IdentityReference is the principal this rule applies to, not the file owner.
                  Console.WriteLine("Identity: " + i.IdentityReference.Value);
                  Console.WriteLine("Type: " + i.AccessControlType);
                  Console.WriteLine("Rights: " + i.FileSystemRights);
              }
          }

          Comment
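The recursive audit asked for at the top of the thread, built on the GetAccessRules call in the post above; this is an added example, not code posted by anyone in the thread. It also reports the file owner, marks inherited entries, and keeps going past folders it cannot read. The class and method names (AclAudit, Audit, Report, Name) and the root-folder argument are assumptions. FileSystemRights is a [Flags] enum, so printing it yields the names of the bits that are set.

```csharp
// Added example. Written for .NET Framework on Windows; on .NET Core/5+ the
// equivalent call is new FileInfo(path).GetAccessControl().
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclAudit
{
    static void Main(string[] args)
    {
        // Root folder is an assumption: first argument, else the current directory.
        Audit(args.Length > 0 ? args[0] : Directory.GetCurrentDirectory());
    }

    static void Audit(string dir)
    {
        try
        {
            foreach (string file in Directory.GetFiles(dir)) Report(file);
            foreach (string sub in Directory.GetDirectories(dir))
            {
                // Skip junctions and symlinks so the walk cannot loop back on itself.
                if ((File.GetAttributes(sub) & FileAttributes.ReparsePoint) == 0) Audit(sub);
            }
        }
        catch (UnauthorizedAccessException)
        {
            // A folder the auditing account cannot read is itself worth recording.
            Console.WriteLine("DENIED  " + dir);
        }
    }

    static void Report(string path)
    {
        FileSecurity sec;
        try { sec = File.GetAccessControl(path); }
        catch (UnauthorizedAccessException) { Console.WriteLine("DENIED  " + path); return; }

        Console.WriteLine(path);
        // Request SIDs and translate them ourselves (see Name below).
        Console.WriteLine("  Owner: " + Name(sec.GetOwner(typeof(SecurityIdentifier))));
        foreach (FileSystemAccessRule ace in sec.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            Console.WriteLine("  {0,-5} {1} : {2}{3}", ace.AccessControlType,
                Name(ace.IdentityReference), ace.FileSystemRights,
                ace.IsInherited ? " (inherited)" : "");
    }

    // IdentityReference.Translate throws for accounts that no longer exist;
    // fall back to the raw SID so orphaned entries still appear in the report.
    static string Name(IdentityReference id)
    {
        try { return id.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return id.Value; }
    }
}
```

Entries that print as a raw SID belong to deleted accounts, and explicit (non-inherited) Allow entries are usually the first things to review in the output.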

          • balabaster
            Recognized Expert Contributor
            • Mar 2007
            • 798

            #6
            Thanks DeepBlue - that looks like just what I was after and it's greatly appreciated... do you have any decent reference material when it comes to this area of .NET? I raided all my books and trawled MSDN looking for stuff but the only info I could find was regarding setting or getting info if you had an NT Account to check against, which in this instance was useless.

            Comment

            • PRR
              Recognized Expert Contributor
              • Dec 2007
              • 750

              #7
              I made some notes of it .. from an article... haven't yet traced it back though ....
              Search for "AuthorizationRuleCollection" .. you will get some articles... I remember reading about it in material covering the 70-536 MS exam.... (though it may not be in the MS book....)

              Comment
