在受限用户帐户XP中运行时,C#应用程序无法读取/写入管理员创建的文件

时间:2021-08-30 05:36:45

I have an application that is useable by all users (admin or limited) in .NET (C# specifically).

我有一个可供.NET中所有用户(管理员或有限)使用的应用程序(特别是C#)。

When the application first launches - it creates a few files that it needs in the C:\Documents and Settings\All Users\Documents\ for all subsequent launches.

当应用程序首次启动时 - 它会在C:\ Documents and Settings \ All Users \ Documents \中为所有后续启动创建一些所需的文件。

If the limited user in XP is the FIRST user to launch the application it creates the files fine and both the limited user and administrators can run fine.

如果XP中的受限用户是启动应用程序的第一个用户,则可以很好地创建文件,并且受限用户和管理员都可以正常运行。

However if the Administrator (or I am guessing a different limited user) is the first to launch the application then the limited user is NOT able to run the application.

但是,如果管理员(或者我猜不同的有限用户)是第一个启动应用程序,那么受限用户将无法运行该应用程序。

The two files that it is NOT able to read/write to if created by an Administrator is a Log4Net log file and a SQLite db file.

如果由管理员创建,则无法读取/写入的两个文件是Log4Net日志文件和SQLite db文件。

The SQLite database file is being created with a straitforward .NET File.Copy(sourcepath, destinationpath). The sourcepath is a seed database file installed with the application - so on first run it copies that from the C:\Program Files\app install\seed.db

正在使用straitforward .NET File.Copy(sourcepath,destinationpath)创建SQLite数据库文件。 sourcepath是随应用程序一起安装的种子数据库文件 - 所以在第一次运行时它会从C:\ Program Files \ app install \ seed.db中复制它

Is there a way to set the permissions on the file when I copy it? File.SetAccessControl() perhaps? I am not clear on how that works.

有没有办法在复制文件时设置文件的权限? File.SetAccessControl()也许吧?我不清楚它是如何工作的。

The other issue is that the log4Net rolling file appender will not roll the old file and create a new as the old file was created by the admin user when they ran the app.

另一个问题是log4Net滚动文件追加器不会滚动旧文件并创建新文件,因为管理员用户在运行应用程序时创建了旧文件。

Any ideas? Ironically this all works perfectly fine in Vista with limited/admin accounts - this is ONLY happening in XP with admin/limited accounts.

有任何想法吗?具有讽刺意味的是,这一切在使用有限/管理员帐户的Vista中完全正常 - 这只发生在XP中,具有管理员/有限帐户。

2 个解决方案

#1


Yeah, it's the SetAccessControl method all right, there is a good example here (the post from satankidneypie)

是的,这是SetAccessControl方法,这里有一个很好的例子(来自satankidneypie的帖子)

Good luck

#2


I think SetAccessControl is the way to go. Maybe something like this:

我认为SetAccessControl是要走的路。也许是这样的:

// get the existing access controls
FileSecurity fs = File.GetAccessControl(yourFilename);

// add the new rule to the existing settings
fs.AddAccessRule(new FileSystemAccessRule(
    @"DOMAIN\Users",  // or "BUILTIN\Users", "COMPUTER\AccountName" etc
    FileSystemRights.Modify,
    AccessControlType.Allow));

// set the updated access controls
File.SetAccessControl(yourFilename, fs);

Note: It's important that you get the existing access control list from the file and then add your new rule to that. If you just create a new access control list from scratch then it will overwrite the existing permissions completely.

注意:从文件中获取现有访问控制列表,然后将新规则添加到该列表中非常重要。如果您只是从头创建一个新的访问控制列表,那么它将完全覆盖现有的权限。

#1


Yeah, it's the SetAccessControl method all right, there is a good example here (the post from satankidneypie)

是的,这是SetAccessControl方法,这里有一个很好的例子(来自satankidneypie的帖子)

Good luck

#2


I think SetAccessControl is the way to go. Maybe something like this:

我认为SetAccessControl是要走的路。也许是这样的:

// get the existing access controls
FileSecurity fs = File.GetAccessControl(yourFilename);

// add the new rule to the existing settings
fs.AddAccessRule(new FileSystemAccessRule(
    @"DOMAIN\Users",  // or "BUILTIN\Users", "COMPUTER\AccountName" etc
    FileSystemRights.Modify,
    AccessControlType.Allow));

// set the updated access controls
File.SetAccessControl(yourFilename, fs);

Note: It's important that you get the existing access control list from the file and then add your new rule to that. If you just create a new access control list from scratch then it will overwrite the existing permissions completely.

注意:从文件中获取现有访问控制列表,然后将新规则添加到该列表中非常重要。如果您只是从头创建一个新的访问控制列表,那么它将完全覆盖现有的权限。