Checking File/Folder Access Permission

Checking file/folder access permission

First of all, I would manually check the permissions and see what blocks you and what doesn't. I am using something like this to check for permissions (for copy file):

AuthorizationRuleCollection acl = fileSecurity.GetAccessRules(true, true,typeof(System.Security.Principal.SecurityIdentifier));
bool denyEdit = false;
for (int x = 0; x < acl.Count; x++)
{
    FileSystemAccessRule currentRule = (FileSystemAccessRule)acl[x];
    AccessControlType accessType = currentRule.AccessControlType;
    //Copy file cannot be executed for "List Folder/Read Data" and "Read extended attributes" denied permission
    if (accessType == AccessControlType.Deny && (currentRule.FileSystemRights & FileSystemRights.ListDirectory) == FileSystemRights.ListDirectory)
    {
        //we have deny copy - we can't copy the file
        denyEdit = true;
        break;
    }
... more checks 
}

Also, there are some strange cases where a certain right on the folder changes the right for the files regardless of their individual permissions (will see if I can find what it is).

C# Test if user has write access to a folder

That's a perfectly valid way to check for folder access in C#. The only place it might fall down is if you need to call this in a tight loop where the overhead of an exception may be an issue.

There have been other similar questions asked previously.

How to check whether access permissions have changed for a directory in C#?

You cannot compare the contents of two reference type objects this way.

if (currSecInfo != prevSecInfo) will always return false, unless they both reference to the same object.

Unfortunately, DirectorySecurity type also does not provide Equals overriden method.

There is a StackOverflow article with some ready-made solutions for comparing permissions:

compare windows file (or folder) permissions

Checking File Permissions in Linux with Python

You're right that os.access, like the underlying access syscall, checks for a specific user (real rather than effective IDs, to help out with suid situations).

os.stat is the right way to get more general info about a file, including permissions per user, group, and others. The st_mode attribute of the object that os.stat returns has the permission bits for the file.

To help interpret those bits, you may want to use the stat module. Specifically, you'll want the bitmasks defined here, and you'll use the & operator (bit-and) to use them to mask out the relevant bits in that st_mode attribute -- for example, if you just need a True/False check on whether a certain file is group-readable, one approach is:

import os
import stat

def isgroupreadable(filepath):
  st = os.stat(filepath)
  return bool(st.st_mode & stat.S_IRGRP)

Take care: the os.stat call can be somewhat costly, so make sure to extract all info you care about with a single call, rather than keep repeating calls for each bit of interest;-).

Checking windows file permissions

The only way to be sure if an operation will succeed is to actually try the operation.

However, SetCurrentDirectory will fail if you don't have FILE_TRAVERSE or SYNCHRONIZE permissions for the folder in question. So you can test this using CreateFile without actually changing the directory.

bool TestForSetCurrentDirPermission(LPCWSTR pszDir)
{
    HANDLE hDir = CreateFile(pszDir, FILE_TRAVERSE | SYNCHRONIZE,
        FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING,
        FILE_FLAG_BACKUP_SEMANTICS, NULL);

    if (hDir != INVALID_HANDLE_VALUE) CloseHandle(hDir);
    return hDir != INVALID_HANDLE_VALUE;
}

---

Related Topics