我有以下代码:
DirectoryInfo directory = new DirectoryInfo(@"C:\Program Files\Company\Product");
if (!directory.Exists) { directory.Create(); }
DirectorySecurity directorySecurity = directory.GetAccessControl();
SecurityIdentifier securityIdentifier = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
directorySecurity.AddAccessRule(
new FileSystemAccessRule(
securityIdentifier,
FileSystemRights.Write,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow));
directory.SetAccessControl(directorySecurity);
对AddAccessRule的调用将抛出具有以下堆栈跟踪的InvalidOperationException:
System.InvalidOperationException: This access control list is not in canonical form and therefore cannot be modified.
at System.Security.AccessControl.CommonAcl.ThrowIfNotCanonical()
at System.Security.AccessControl.CommonAcl.AddQualifiedAce(SecurityIdentifier sid, AceQualifier qualifier, Int32 accessMask, AceFlags flags, ObjectAceFlags objectFlags, Guid objectType, Guid inheritedObjectType)
at System.Security.AccessControl.DiscretionaryAcl.AddAccess(AccessControlType accessType, SecurityIdentifier sid, Int32 accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule)
at System.Security.AccessControl.FileSystemSecurity.AddAccessRule(FileSystemAccessRule rule)
这只发生在某些系统上(我见过Windows XP和Windows 7)。在出现错误的情况下,使用Windows资源管理器查看目录的安全权限通常会导致显示包含以下文本的消息框:
上的权限顺序不正确,这可能会导致某些条目无效。按“确定”继续并对权限进行正确排序,或按“取消”重置权限。
此时单击OK即可解决此问题。这里发生了什么事?系统是如何进入这种状态的,有没有办法通过编程来检测/修复它(也就是说,不需要用户手动使用Explorer来修复)?
更新
我对ACL,什么是规范形式,以及why it's necessary做了更多的研究。我仍然不确定文件通常是如何进入这种状态的,但我发现Icacls工具可以用来创建具有非规范ACL的目录,方法是保存权限列表,将其更改为乱序,然后恢复它。现在我只需要一种方法来修复它,而不需要用户交互。
https://stackoverflow.com/questions/8126827
复制相似问题