폴더 생성 시 권한 주기(읽기, 쓰기, 수정, 실행)

C# 에서 폴더를 생성할 때 계정에 따른 권한을 주는 방법이 있으며, 아래는 그 내용이다.

관리자 권한으로 실행한 프로그램에서만 테스트 해봐서 유저 권한에서 잘 돌아가는지는 모르겟다. 

2017/11/17 - [프로그램 자료/Visual C#] - [C#] 관리자 권한으로 실행하기 admin administrator

private void CreateFolder(string path)

{

 

    DirectorySecurity directorySecurity = new DirectorySecurity();

    directorySecurity.SetAccessRuleProtection(true, false);

 

    //administrators

    IdentityReference adminId = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);

    directorySecurity.AddAccessRule(new FileSystemAccessRule(adminId, FileSystemRights.FullControl

        , InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));

 

    //everyone

    SecurityIdentifier everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);

    directorySecurity.AddAccessRule(new FileSystemAccessRule(everyone, FileSystemRights.ReadAndExecute

        , InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));

 

    //creator onwer

    SecurityIdentifier creator = new SecurityIdentifier(WellKnownSidType.CreatorOwnerSid, null);

    directorySecurity.AddAccessRule(new FileSystemAccessRule(creator, FileSystemRights.ReadAndExecute

        , InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));

 

    //system

    SecurityIdentifier sys = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);

    directorySecurity.AddAccessRule(new FileSystemAccessRule(sys, FileSystemRights.ReadAndExecute

        , InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));

 

    //users

    SecurityIdentifier users = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);

    directorySecurity.AddAccessRule(new FileSystemAccessRule(users, FileSystemRights.ReadAndExecute

        , InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));

 

    //current user

    string user = Environment.UserDomainName + "\\" + Environment.UserName;

    directorySecurity.AddAccessRule(new FileSystemAccessRule(user, FileSystemRights.FullControl

        , InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));

 

    // set the owner and the group to admins

    directorySecurity.SetOwner(adminId);

    directorySecurity.SetGroup(adminId);

 

    string sDirPath;

    sDirPath = path;

    DirectoryInfo di = new DirectoryInfo(sDirPath);

    if (di.Exists == false)

    {

        di.Create(directorySecurity);

    }

}