C# 控制NTFS目录权限

using System;
using System.Collections.Generic;
using System.Security.AccessControl;
using System.IO;
namespace SovSafe
{
    class NTFS_Control
    {
        public NTFS_Control()
        { }

        // 添加 指定目录 指定用户 指定的 权限
        public void AddDirectorySecurity(string FileName, string Account, string UserRights)
        {
            FileSystemRights Rights = new FileSystemRights();

            if (UserRights.IndexOf("R") >= 0)
            {
                Rights = Rights | FileSystemRights.Read;
            }
            if (UserRights.IndexOf("C") >= 0)
            {
                Rights = Rights | FileSystemRights.ChangePermissions;
            }
            if (UserRights.IndexOf("F") >= 0)
            {
                Rights = Rights | FileSystemRights.FullControl;
            }
            if (UserRights.IndexOf("W") >= 0)
            {
                Rights = Rights | FileSystemRights.Write;
            }

            bool ok;
            DirectoryInfo dInfo = new DirectoryInfo(FileName);
            DirectorySecurity dSecurity = dInfo.GetAccessControl();
            InheritanceFlags iFlags = new InheritanceFlags();
            iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
            FileSystemAccessRule AccessRule2 = new FileSystemAccessRule(Account, Rights, iFlags, PropagationFlags.None, AccessControlType.Allow);
            dSecurity.ModifyAccessRule(AccessControlModification.Add, AccessRule2, out ok);
            dInfo.SetAccessControl(dSecurity);

        }

        // 获取 指定目录 除Administrators和SYSTEM之外的 权限列表
        public List<string> GetDirectoryAccountSecurity(string DirName)
        {
            List<string> dAccount = new List<string>();
            DirectoryInfo dInfo = new DirectoryInfo(DirName);
            if (dInfo.Exists)
            {
                DirectorySecurity sec = Directory.GetAccessControl(DirName, AccessControlSections.All);
                foreach (FileSystemAccessRule rule in sec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
                {
                    if (rule.IdentityReference.Value != @"NT AUTHORITY/SYSTEM" && rule.IdentityReference.Value != @"BUILTIN/Administrators")
                        dAccount.Add(rule.IdentityReference.Value);
                }
            }
            return dAccount;
        }

        // 移除 指定目录 指定用户的 权限
        public void RemoveDirectoryAccountSecurity(string DirName, string Account)
        {
            DirectoryInfo dInfo = new DirectoryInfo(DirName);
            if (dInfo.Exists)
            {
                System.Security.Principal.NTAccount myAccount = new System.Security.Principal.NTAccount(System.Environment.MachineName, Account);

                DirectorySecurity dSecurity = dInfo.GetAccessControl();

                FileSystemAccessRule AccessRule = new FileSystemAccessRule(Account, FileSystemRights.FullControl, AccessControlType.Allow);
                FileSystemAccessRule AccessRule2 = new FileSystemAccessRule(Account, FileSystemRights.FullControl, AccessControlType.Deny);

                InheritanceFlags iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
                PropagationFlags pFlags = PropagationFlags.InheritOnly | PropagationFlags.NoPropagateInherit;

                dSecurity.AccessRuleFactory(myAccount, 983551, false, iFlags, pFlags, AccessControlType.Allow);

                dSecurity.RemoveAccessRuleAll(AccessRule);
                dSecurity.RemoveAccessRuleAll(AccessRule2);

                dInfo.SetAccessControl(dSecurity);
            }
        }

        // 获取 指定文件 除Administrators和SYSTEM之外的 权限列表
        public List<string> GetFileAccountSecurity(string fileName)
        {
            List<string> fAccount = new List<string>();
            FileInfo fInfo = new FileInfo(fileName);
            if (fInfo.Exists)
            {
                FileSecurity fec = File.GetAccessControl(fileName, AccessControlSections.All);
                foreach (FileSystemAccessRule rule in fec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
                {
                    if (rule.IdentityReference.Value != @"NT AUTHORITY/SYSTEM" && rule.IdentityReference.Value != @"BUILTIN/Administrators")
                        fAccount.Add(rule.IdentityReference.Value);
                }
            }
            return fAccount;
        }

        // 移除 指定文件 指定用户的 权限
        public void RemoveFileAccountSecurity(string fileName, string Account)
        {

            FileInfo fInfo = new FileInfo(fileName);
            if (fInfo.Exists)
            {
                FileSecurity fSecurity = fInfo.GetAccessControl();
                FileSystemAccessRule AccessRule = new FileSystemAccessRule(Account, FileSystemRights.FullControl, AccessControlType.Allow);
                FileSystemAccessRule AccessRule2 = new FileSystemAccessRule(Account, FileSystemRights.FullControl, AccessControlType.Deny);
                fSecurity.RemoveAccessRuleAll(AccessRule);
                fSecurity.RemoveAccessRuleAll(AccessRule2);
                fInfo.SetAccessControl(fSecurity);
            }
        }
    }
}

 

本文来自CSDN博客，转载请标明出处：http://blog.csdn.net/fzzsh/archive/2009/03/27/4029470.aspx