Copy File Permissions, But Not Files

Copy file permissions, but not files

You should have a look at the --reference option for chmod:

chmod --reference version2/somefile version1/somefile

Apply find and xargs in a fitting manner and you should be fine, i.e. something like

 ~/version2$ find . -type f | xargs -I {} chmod --reference {} ../version1/{}

This even works recursively, and is robust against missing files in the target directory (bar the No such file ... errors, which can be ignored). Of course it won't do anything to files that only exist in the target directory.

Cheers,

Windows Folder Permissions, Copy into but Cannot Read

From eryksun:

Question/Answer should be moved to superuser

From the command line,
you can run icacls "folder name" /deny *S-1-1-0:(OI)(IO)(RD,WD,AD).

"S-1-1-0" is the security identifier of "Everyone".

"OI" (object inherit) means this entry is inherited by files (but subfolders merely propagate the entry; it doesn't apply to the folders themselves; just their files).

"IO" (inherit only) means the entry does not apply to this folder; it's only for inheritance. And the reaming three are read data, write data, and append data.

(1)
In the GUI: which ones would I exclude? List Read Permissions, Change Permissions,
Seems like Create Files is coupled with Write Data?

copy files without permissions

Try a slightly different approach. Instead of rebuilding each file's ACLs build one ACL and apply it to all files. Also, I believe that your call to .PurgeAccessRules(<IdentityReference>) should instead be calls to .RemoveAccessRule(<AccessRule>)

$location = ".\build"

#Get ACLs for first file in the folder
$ACL = GCI $location -File | Select -First 1 | Get-Acl
#Remove all non-inherited access rules, piped to Out-Null to avoid 'True' spam as it removes rules
$ACL.Access | ?{!$_.IsInherited} | %{$ACL.RemoveAccessRule($_) | Out-Null}

#Search recursivly through location defined;
GCI -r $location | Set-Acl -AclObject $ACL

Aliases used (truncated results):

PS C:\Users\TMTech> Get-Alias GCI,?
CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Alias           GCI -> Get-ChildItem
Alias           % -> ForEach-Object
Alias           ? -> Where-Object 

Copy a file with its original permissions

I believe you can do something like this:

const string sourcePath = @"c:\test.txt";
const string destinationPath = @"c:\test2.txt"

File.Copy(sourcePath, destinationPath);

FileInfo sourceFileInfo = new FileInfo(sourcePath);
FileInfo destinationFileInfo = new FileInfo(destinationPath);

FileSecurity sourceFileSecurity = sourceFileInfo.GetAccessControl();
sourceFileSecurity.SetAccessRuleProtection(true, true);
destinationFileInfo.SetAccessControl(sourceFileSecurity);

Copying directory permissions with C#

Sinatr provided the following link that describes why your code does not work and how to fix it. I notice the link references the top of the page and not the remarks section. This is the section that contains the information you require. Listed below is the correct link.

Directory.SetAccessControl Method Remarks

For future readers, I will summarize here what the documentation states and provide a small code sample.

First the issue

You cannot directly use a DirectorySecutrity object from one file/folder and apply it to another file/folder using just GetAccessControl/SetAccessControl.

From Microsoft:

The SetAccessControl method persists only DirectorySecurity objects
that have been modified after object creation. If a DirectorySecurity
object has not been modified, it will not be persisted to a file.
Therefore, it is not possible to retrieve a DirectorySecurity object
from one file and reapply the same object to another file.

Now the solution

Here are the steps, outline by Microsoft, that will allow you to copy security information from one file or folder to another. Note the comments are from the documentation, the code is from my test program.

using System.Security.AccessControl;
using System.IO;
. . . . 

string srcFolder = @"d:\srcFolder", desFolder = @"d:\desFolder";
byte[] securityDescriptor = null;

// Step 1: Use the GetAccessControl method to retrieve the
// DirectorySecurity object from the source file.
DirectorySecurity srcPermissions = Directory.GetAccessControl(srcFolder);

// Step 2: Create a new DirectorySecurity object for the destination file.
DirectorySecurity desPermissions = new DirectorySecurity();

// Step 3: Use the GetSecurityDescriptorBinaryForm method of the
// source DirectorySecurity object to retrieve the ACL information.
securityDescriptor = srcPermissions.GetSecurityDescriptorBinaryForm();

// Step 4: Use the SetSecurityDescriptorBinaryForm method to copy the
// information retrieved in step 3 to the destination
// DirectorySecurity object.
desPermissions.SetSecurityDescriptorBinaryForm(securityDescriptor);

// Step 5: Set the destination DirectorySecurity object to the
// destination file using the SetAccessControl method.
Directory.SetAccessControl(desFolder, desPermissions);

To test this, I create two folders. One called srcFolder and the other call desFolder. On the desFolder I remove all permissions except for my user account. Note at least one group or user account is required to be present that grants access.

Copy file to a folder with write permission only

You only have write permissions.

from https://learn.microsoft.com/en-us/dotnet/api/system.security.permissions.fileiopermission?view=dotnet-plat-ext-3.1

Write access to the contents of the file or access to change information about the file, such as its name. Also allows for deletion and overwriting.

You are copying a file, so its a create.

---

Related Topics