I'm using a script to change ACLs on a folder/file structure.
I've worked out how to correctly turn inheritance on and off with no problems.
However, when I turn inheritance on, it's not removing/overwriting the existing ACLs that have been set.
What I'm trying to accomplish is to turn inheritance on or off while still being able to add and remove users from the DACL.
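/// <summary>
/// Writes the current inheritance setting and the explicit (non-inherited) entries
/// of <c>_dacl</c> to the directory at <c>_cachedPath</c>, then reloads the local
/// list via <c>GetDacl()</c> and raises <c>Updated</c>.
/// </summary>
/// <remarks>
/// The original nested two contradictory tests (<c>!entry.IsInherited</c> and
/// <c>!entry.IsInherited != true</c>), so the loop body could never run and no
/// explicit rule was ever written. The single test below applies explicit entries only.
/// Exceptions from the access-control calls propagate to the caller; the
/// <c>_updating</c> flag is cleared in every case.
/// </remarks>
public void UpdateDacl()
{
    // Let fsal know that an update is in progress: this method could take some time
    // and we don't want another update processed, or the cached folder changed, meanwhile.
    _updating = true;
    _errorMessage = string.Empty;

    try
    {
        DirectorySecurity dirSecurity = new DirectorySecurity();

        if (IsInheriting == false)
        {
            // Inheritance is turned off: protect the DACL from the parent and keep
            // the previously inherited ACEs as copies (second argument = true).
            dirSecurity = Directory.GetAccessControl(_cachedPath);
            dirSecurity.SetAccessRuleProtection(true, true);
            Directory.SetAccessControl(_cachedPath, dirSecurity);
        }
        else if (IsInheriting == true)
        {
            // Inheritance is turned on.
            // NOTE(review): the descriptor written here is the freshly constructed, empty
            // one, not the directory's current descriptor. Explicit rules already on the
            // folder are therefore not carried over; only what the loop below adds from
            // _dacl ends up in it. Confirm that is the intended result for this folder.
            dirSecurity.SetAccessRuleProtection(false, false);
            Directory.SetAccessControl(_cachedPath, dirSecurity);
        }

        bool explicitRulesChanged = false;
        foreach (ace entry in _dacl)
        {
            // Only explicit entries are written back; inherited ones come from the parent.
            if (!entry.IsInherited && (entry.Rule != null))
            {
                // RemoveAccessRuleAll drops every rule with the same identity and
                // allow/deny type as entry.Rule before the rule is re-added.
                // NOTE(review): if _dacl holds several rules for one identity and type,
                // only the last one survives this loop - verify against how _dacl is built.
                dirSecurity.RemoveAccessRuleAll(entry.Rule);
                dirSecurity.AddAccessRule(entry.Rule);
                explicitRulesChanged = true;
            }
        }

        // One write after the loop instead of one per entry: a failure part-way through
        // the entries no longer leaves a partially updated rule set on the folder.
        if (explicitRulesChanged)
        {
            Directory.SetAccessControl(_cachedPath, dirSecurity);
        }
    }
    finally
    {
        // Clear the flag even when an access-control call throws, so a failed update
        // (e.g. access denied) does not leave the object permanently marked as updating.
        _updating = false;
    }

    // Now we need to refresh the local list with the new settings in case
    // the inheritance has changed.
    GetDacl();

    if (Updated != null)
    {
        Updated(null, new EventArgs()); // raise an event
    }
}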