Re: Setting folder permissions
- From: "Willy Denoyette [MVP]" <willy.denoyette@xxxxxxxxxx>
- Date: Wed, 19 Mar 2008 17:37:26 +0100
"David" <david.colliver.NEWS@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:%23M0DcddiIHA.5208@xxxxxxxxxxxxxxxxxxxxxxx
I was using LOCAL SERVICE but have now changed it.
Currently, I am looking at a share on MY OWN PC, so it is like a loopback. I am using a local user account. When the app is deployed, it will be on a server that uses Active Directory.
Yes, but it's a share, which means it's accessed by the network Server component as if it was a remote share.
"Local Service" is a local account, is an account that has no network access permission, hence the "Local".
Do I have to give my local account for the service admin permissions? Doing that makes it work, but is that not a risk?
You don't have to run your service using *your* local account, create another non interactive account for this and give this account the required privileges but nothing more.
Willy.
--
Best regards,
Dave Colliver.
http://www.AshfieldFOCUS.com
~~
http://www.FOCUSPortals.com - Local franchises available
"Willy Denoyette [MVP]" <willy.denoyette@xxxxxxxxxx> wrote in message news:uFaL%23PdiIHA.748@xxxxxxxxxxxxxxxxxxxxxxxSo, you are using a local account (your service account) to change the file permissions on a remote system, right?
Well, this won't work, unless :
- this account is a shadow account, that is an account that exists on both systems with the exact same credentials.
- and the account has admin privileges on the remote system.
Willy.
,
"David" <david.colliver.NEWS@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:uYLnY2ciIHA.3512@xxxxxxxxxxxxxxxxxxxxxxxThank you...
My service was running under LOCAL SERVICE initially, so I have changed it. I changed it to my admin account and got everything working.
Since then, I have given it a less priviledged account (an account initially with guest priviledges) and it stops. So, I promoted it to the Users group and it still fails, however, it looks like a different failure.
I don't have a domain here, so I am using local accounts to test it...
What happens now is that the folder is created and the account that the service uses is added to the folder permissions. I am guessing that is because effectively, my service account is the owner of the service. However, when I check the permissions, absolutely no permissions have been granted, just the account is in the list.
My code to assign permissions is...
dirSec.AddAccessRule(new FileSystemAccessRule(ConfigurationManager.AppSettings["ServiceAccount"], FileSystemRights.Modify, AccessControlType.Allow));
The above line now does not fail where it did before. So, now I don't know what else to do...
Thanks.
--
Best regards,
Dave Colliver.
http://www.AshfieldFOCUS.com
~~
http://www.FOCUSPortals.com - Local franchises available
"Peter Ritchie [C# MVP]" <PRSoCo@xxxxxxxxxxxxxxxxx> wrote in message news:7BA8BF08-D86A-4B28-895D-1690A06EB593@xxxxxxxxxxxxxxxxYou have to make sure that first the login under which the service is running
(defaults to SYSTEM) has permission to do the operations you're requesting on
the host in the UNC. I think by default the SYSTEM account on one computer
has no such rights on another computer. You'll probably want to
install/configure your service to use a specific login that has permission to
create directories (etc).
--
Browse http://connect.microsoft.com/VisualStudio/feedback/ and vote.
http://www.peterRitchie.com/blog/
Microsoft MVP, Visual Developer - Visual C#
"David" wrote:
Hi,
I am creating a windows service. This service has a filewatcher on it.
When I drop a file, I want to parse the filename then create the directory.
The directory will be in a filestore server so I am passing in a UNC path.
The filestore directory will then also be a virtual directory within an
ASP.NET application, so I need to take those permissions into consideration.
I am having problems setting the permissions. The error is
UnauthorizedAccessException.
Here is my code...
string RootPath =
ConfigurationManager.AppSettings["StorePathRoot"];
string[] Folder = e.Name.Split('_');
if (Folder[0] != string.Empty)
{
RootPath += Folder[0] + "\\";
if (!Directory.Exists(RootPath))
{
Directory.CreateDirectory(RootPath);
DirectoryInfo hInfo = new DirectoryInfo(RootPath);
DirectorySecurity dirSec = hInfo.GetAccessControl();
dirSec.AddAccessRule(new
FileSystemAccessRule(@"david\Everyone", FileSystemRights.Modify,
AccessControlType.Allow));
dirSec.AddAccessRule(new
FileSystemAccessRule(@"david\LOCAL SERVICE", FileSystemRights.Modify,
AccessControlType.Allow));
hInfo.SetAccessControl(dirSec);
}
}
System.IO.File.Move(e.FullPath, RootPath + e.Name);
I set the path in the app.config. This is a UNC path (currently to my pc,
but will go to a network share). As you can see, I am trying to give
"Everyone" permisssion and "LOCAL SERVICE" permission. It is actually
failing on the first one, "Everyone". The directory is being created fine.
In fact, if I didn't have the permission routine, when I copy a file into my
drop folder, it does get moved, though if I copy 2 files into the drop
folder, it stops. (I am copying an xml and a pdf file with the same first
part of the filename, i.e. test_1.xml and test_1.pdf )
Any help appreciated.
Thanks.
--
Best regards,
Dave Colliver.
http://www.AshfieldFOCUS.com
~~
http://www.FOCUSPortals.com - Local franchises available
.
- Follow-Ups:
- Re: Setting folder permissions
- From: David
- Re: Setting folder permissions
- References:
- Setting folder permissions
- From: David
- RE: Setting folder permissions
- From: Peter Ritchie [C# MVP]
- Re: Setting folder permissions
- From: David
- Re: Setting folder permissions
- From: Willy Denoyette [MVP]
- Re: Setting folder permissions
- From: David
- Setting folder permissions
- Prev by Date: Re: Generic List<> change events
- Next by Date: COM Interop - Access to the path XXX is denied.
- Previous by thread: Re: Setting folder permissions
- Next by thread: Re: Setting folder permissions
- Index(es):
Relevant Pages
|
