
I have a file that requires a password being written to it. A process reads a password from a file and writes the password to the file, so the user that the process runs under requires access to the file. However, I wish to block access to everyone else. Currently I've tried the following:

    // Identity the process runs under
    WindowsIdentity privilegedUser = WindowsIdentity.GetCurrent();
    SecurityIdentifier everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
    FileSecurity acl = new FileSecurity();
    // Deny read to Everyone (the well-known World SID)
    acl.AddAccessRule(new FileSystemAccessRule(everyone, FileSystemRights.Read, AccessControlType.Deny));
    // Remove any rules for the process user, then allow it Modify
    acl.PurgeAccessRules(privilegedUser.User);
    acl.AddAccessRule(new FileSystemAccessRule(privilegedUser.User, FileSystemRights.Modify,
        AccessControlType.Allow));
    // Apply the ACL to the file
    File.SetAccessControl(_mirrorConfigFilePath, acl);

However, when the process attempts to read the file I'm getting an UnauthorizedAccessException. I think it's because the first rule to deny read access to everyone gets precedence. Anyone any ideas how I can resolve this? Or am I even right in my thinking here?!

Fiona
  • If I remember correctly an empty ACL denies everything by default. So you just need a single allow read entry. – usr May 11 '15 at 09:34
  • I tried that but unfortunately any user can still open/read the file. – Fiona May 11 '15 at 09:47
  • There are no rules saying the permissions from parent should propagate to it? – Sami Kuhmonen May 11 '15 at 09:57
  • Not sure Sami what you mean by permissions from parent propagating to it. I am only concerned with one file – Fiona May 11 '15 at 10:32
  • You may only be worried about one file, however if it inherits parent permissions then anything that is not explicitly denied will be allowed. – Der Kommissar May 11 '15 at 13:31
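
The comments above point at permissions inherited from the parent folder. The following is an added example, not code from the question or its comments: it blocks inherited entries and grants a single allow entry to the process user, with no deny rule for Everyone. It assumes .NET Framework on Windows; the class name and the temp-file path are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class RestrictFileToCurrentUser
{
    // Replaces the file's DACL with one explicit allow entry for `user`
    // and blocks ACEs inherited from the parent directory.
    static void LockDown(string path, SecurityIdentifier user)
    {
        var acl = new FileSecurity();

        // isProtected: true -> stop inheriting ACEs from the parent folder.
        // preserveInheritance: false -> drop inherited ACEs instead of copying them.
        acl.SetAccessRuleProtection(true, false);

        // No deny entry for Everyone: a deny ACE would also match this user
        // and is evaluated before the allow ACE. Anyone not listed gets no access.
        acl.AddAccessRule(new FileSystemAccessRule(
            user, FileSystemRights.Modify, AccessControlType.Allow));

        File.SetAccessControl(path, acl);
    }

    static void Main(string[] args)
    {
        // Hypothetical path; stands in for _mirrorConfigFilePath from the question.
        string path = args.Length > 0 ? args[0] : Path.GetTempFileName();
        SecurityIdentifier me = WindowsIdentity.GetCurrent().User;

        LockDown(path, me);

        // Read the DACL back and check that it is what was intended.
        FileSecurity applied = File.GetAccessControl(path);
        Console.WriteLine("Inheritance blocked: " + applied.AreAccessRulesProtected);
        foreach (FileSystemAccessRule rule in
                 applied.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            Console.WriteLine("{0} {1} {2} inherited={3}", rule.AccessControlType,
                rule.IdentityReference, rule.FileSystemRights, rule.IsInherited);
        }

        // The process user can still write and read the file.
        File.WriteAllText(path, "constructed-sample-value");
        Console.WriteLine("Read back {0} chars", File.ReadAllText(path).Length);
    }
}
```

The file's owner, and administrators able to take ownership, can still rewrite the DACL, so this restricts ordinary users rather than local administrators.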

0 Answers