This project is read-only.

GetAccessRules bug

Jan 11, 2012 at 9:58 PM

I have a longh path directory structure, with one of the lower-level directories having an extra permission that I added manually.

When calling

DirectorySecurity.GetAccessRules(true, false, typeof(System.Security.Principal.NTAccount)); // do not include inherited

1) at upper level directories the call returns ALL rules, including inherited, flag IsInherited being set to false (which is wrong)

2) on the directory with an extra permission behavior becomes correct, only non-iherited permissions are returned (the one I added manually),

3) on all the directories below the modified one (which I didn't touch) the call returns 0 non-inherited rules, which is also correct.

Windows 7 Enterprise x64, all latest updates.

Below is the sample code that should illustrate the problem. Simply call it against any "normal" directory (the one you havent adjusted Permissions manually), and you will get all rules (including inherited) via Alpha, while the "standard" System.IO code works as designed:

private static void TryRules(string path)
{
	Console.WriteLine("AlphaFS");
	string longpath = EnsureLongPath(path);
	DirectorySecurity ds = Directory.GetAccessControl(longpath, AccessControlSections.Access);
	var rules = ds.GetAccessRules(truefalsetypeof(System.Security.Principal.NTAccount)); // do not include inherited
	foreach (FileSystemAccessRule rule in rules)
	{
		Console.WriteLine("Rights: {0}, Owner: {1}, IsInherited: {2}", rule.FileSystemRights, rule.IdentityReference.Value, rule.IsInherited);
	}
	Console.WriteLine("System.IO");
	ds = System.IO.Directory.GetAccessControl(path);
	rules = ds.GetAccessRules(truefalsetypeof(System.Security.Principal.NTAccount)); // do not include inherited
	foreach (FileSystemAccessRule rule in rules)
	{
		Console.WriteLine("Rights: {0}, Owner: {1}, IsInherited: {2}", rule.FileSystemRights, rule.IdentityReference.Value, rule.IsInherited);
	}
 
}
 
private static string _longPathPrefix = @"\\?\";
private static string EnsureLongPath(string path)
{
	if (String.IsNullOrWhiteSpace(path))
		throw new ArgumentException("Path cannot be null or empty");
	if (path.StartsWith(_longPathPrefix))
		return path;
	else
		return _longPathPrefix + path;
}

 ---------------

Anybody knows workaround? Or is it something the Alpha team should fix? Or is this a bug in Windows?

TIA

Nikolai Sklobovsky

 

Jan 11, 2012 at 10:46 PM

More info:

As an attempt to find a workaround, I modifiied my root test directory (%temp%\test) by adding a extra dummy Permission. As described above, this directory and anything under it started to behave correctly.

Now, I went ahead and removed that extra permission. Still, Alpha method continue to work correctly on this level and down (but not up).

This is really weird....

Jan 11, 2012 at 11:44 PM

Even more info:

this doesn't happen on the regular folders. As I have mentioned above, I was testing under %temp%.

If I start with something that is not a special folder, (e.g. c:\dev, c:\test, etc.) everything behaves as it should...

Mystery...

Jan 12, 2012 at 2:30 AM

Are those special folders links?

On Jan 11, 2012 5:44 PM, "nsklobovsky" <notifications@codeplex.com> wrote:

From: nsklobovsky

Even more info:

this doesn't happen on the regular folders. As I have mentioned above, I was testing under %temp%.

If I start with something that is not a special folder, (e.g. c:\dev, c:\test, etc.) everything behaves as it should...

Mystery...

Read the full discussion online.

To add a post to this discussion, reply to this email (alphafs@discussions.codeplex.com)

To start a new discussion for this project, email alphafs@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe or change your settings on codePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at codeplex.com

Jan 12, 2012 at 8:10 PM

When I mentioned %temp% I was just a lazy typist.

I was using its fully qualified name, yet this folder is in fact my %temp% one:

C:\Users\<my user name>\AppData\Local\Temp