Permission for Users group successfully modified via code, but change is not reflected in Security tab for the Users group

Legends

2/18/24, 9:20 PM

I have C# code (at the end) which:

Creates a file
Prints the current ACL
Gives the builtin users group "write permissions" to the previously created file
Prints the current modified ACL

The write permissions are successfully assigned via code as you can see in the console ouput.

My question is: Why does the security tab of the file, not reflect this permission change for the Users group ?

C# code:

var file = "sectest.txt";
File.WriteAllText(file, "File security test.");
var sid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);

string strBuiltInUsersAccount = sid.Translate(typeof(NTAccount)).ToString();
  
FileSecurity fileSecurity = new FileSecurity(file,
AccessControlSections.Owner |
AccessControlSections.Group |
AccessControlSections.Access);

Console.WriteLine("AFTER CREATE:");

ShowSecurity(fileSecurity); // BUILTIN\Users group doesn't have Write permission

// short: give "builtin\users" write permissions
var fsAccessRule = new FileSystemAccessRule(strBuiltInUsersAccount,
                                            FileSystemRights.Write,
                                            AccessControlType.Allow);

fileSecurity.ModifyAccessRule(AccessControlModification.Add, fsAccessRule, out bool modified);

Console.WriteLine();

Console.WriteLine("AFTER MODIFY:");
ShowSecurity(fileSecurity); // BUILTIN\Users has Write permission

200

1 + 1

security

files

filesystems

security-groups

Greg Askew

2/18/24, 10:14 PM

That only modifies the single access rule in the ACE. It would then need to be persisted to the file. See File.SetAccessControl(filePath, fileSecurity) https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesecurity?view=net-7.0

Score:1

Server

Greg Askew

2/19/24, 12:48 PM

That only modifies the single access rule in the ACE. It would then need to be persisted to the file. See File.SetAccessControl(filePath, fileSecurity)

https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesecurity?view=net-7.0

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Permission for Users group successfully modified via code, but change is not reflected in Security tab for the Users group

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.