Question Comparing folder permissions

jrbilodeau

I'm in the process of writing an app that will scan a list of directories and all subdirectories, and list who has access to them. Since there is a possibility of there being hundreds or even thousands of directories, my boss asked that I not list the subdirectories that have the same permissions as the parent folder in the output report. I came up with the following code, but even when the Directory permissions are an exact match it never comes back as true. Any help would be greatly appreciated.

VB.NET:
Dim dInfo As New DirectoryInfo(DirectoryName)
Dim dSecurity As New DirectorySecurity

Dim dParentInfo As New DirectoryInfo(dInfo.Parent.FullName)
Dim parentSecurity As New DirectorySecurity
        
Dim obTypeToGet As Type

' Get ACL object on the selected file or folder.  
dSecurity = dInfo.GetAccessControl()
parentSecurity = dInfo.GetAccessControl()
obTypeToGet = Type.GetType("System.Security.Principal.NTAccount")

Dim arc As AuthorizationRuleCollection = dSecurity.GetAccessRules(True, True, obTypeToGet)
Dim arcParent As AuthorizationRuleCollection = parentSecurity.GetAccessRules(True, True, obTypeToGet)

If arc.Equals(arcParent) Then
     MessageBox.Show("test")
End If
 
AuthorizationRuleCollection.Equals (Object.Equals) checks for reference equality, meaning whether these references point to the same object, which they don't. The same goes for the AuthorizationRule class: the Equals method is inherited from Object, and you would have to make comparisons with all rule properties to determine if a rule is the "same" as another.

What you could do is first check AreAccessRulesProtected; False indicates rules are inherited from the parent. Then specify False for the includeInherited parameter when calling GetAccessRules; an empty rules collection is returned when a folder inherits all its rules from the parent. If not, the folder has additional rules.

A folder may also have the same rules as a parent, without them being inherited, if inheritance was turned off at some point and the current rules were copied from the parent. For that there is no other option than to compare rule properties.

Comments about the posted code, this is wrong:
Dim parentSecurity As New DirectorySecurity
parentSecurity = dInfo.GetAccessControl()
correct:
Dim parentSecurity As DirectorySecurity = dInfo.GetAccessControl()

Type.GetType("System.Security.Principal.NTAccount")
Rather than using string literals, it is less error-prone and you get full IntelliSense support by using the type like this:
GetType(System.Security.Principal.NTAccount)
 
Thanks for the tips.

A folder may also have the same rules as a parent, without them being inherited, if inheritance was turned off at some point and the current rules were copied from the parent. For that there is no other option than to compare rule properties.

How would I go about comparing the rule properties? Would you be able to give an example? It would be much appreciated.

Thanks
 
How would I go about comparing the rule properties?
Here's a basic example:
VB.NET:
If rule1.A = rule2.A AndAlso rule1.B = rule2.B Then 'rules are considered same
For each rule in one collection, see if there is a matching rule in the other collection. Creating small methods to help achieve the overall task will make things simpler; for example, one method can have the single task of comparing if one rule is the same as another. One method could check if a rules collection contains a given rule, etc.

First you can compare if the rule count is equal in both collections; if rules in both folders are not inherited this would be natural. If, for example, the parent folder has inherited rules you will see something strange though: compared to the displayed rules in Windows Explorer properties there will be a duplicate set that includes generic rights. These generic rights are not copied to the child folder if inheritance is turned off; they are also not handled by the FileSystemRights enumeration and could be ignored. Here is an article about them if you want to read up on that anyway: Permissions Not Included In .NET AccessRule.FileSystemRights Enum « Cjwdev
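
The steps suggested in the answers above, put together as an added VB.NET example that is not code from any poster in this thread. The names `HasSameRulesAsParent`, `SameRule` and `GetRules` are hypothetical, and comparing the inheritance and propagation flags as well as requesting `SecurityIdentifier` instead of `NTAccount` are assumptions of this example.

```vbnet
Imports System.Collections.Generic
Imports System.IO
Imports System.Linq
Imports System.Security.AccessControl
Imports System.Security.Principal

Module AclCompare
    ' Property-by-property comparison (Equals on a rule is reference equality).
    ' IsInherited is deliberately left out: a copied rule is explicit on the
    ' child while the original may be inherited on the parent.
    Function SameRule(a As FileSystemAccessRule, b As FileSystemAccessRule) As Boolean
        Return a.IdentityReference.Equals(b.IdentityReference) AndAlso
               a.FileSystemRights = b.FileSystemRights AndAlso
               a.AccessControlType = b.AccessControlType AndAlso
               a.InheritanceFlags = b.InheritanceFlags AndAlso
               a.PropagationFlags = b.PropagationFlags
    End Function

    ' Assumption: SIDs are requested so the comparison needs no name lookup.
    Function GetRules(sec As DirectorySecurity, includeInherited As Boolean) As List(Of FileSystemAccessRule)
        Dim rules = sec.GetAccessRules(True, includeInherited, GetType(SecurityIdentifier))
        Return rules.Cast(Of FileSystemAccessRule)().ToList()
    End Function

    ' True only when the folder can be left out of the report.
    Function HasSameRulesAsParent(folderPath As String) As Boolean
        Dim dInfo As New DirectoryInfo(folderPath)
        If dInfo.Parent Is Nothing Then Return False ' drive root: always report
        Dim childSec As DirectorySecurity = dInfo.GetAccessControl()

        If Not childSec.AreAccessRulesProtected Then
            ' Inheritance is on: the thread's test is that no explicit rules
            ' exist, so the folder only has what it inherits.
            Return GetRules(childSec, False).Count = 0
        End If

        ' Inheritance is off: rules may have been copied, so compare properties.
        Dim childRules = GetRules(childSec, True)
        Dim remaining = GetRules(dInfo.Parent.GetAccessControl(), True)
        If childRules.Count <> remaining.Count Then Return False
        For Each rule In childRules
            Dim current = rule ' local copy captured by the lambda
            Dim idx = remaining.FindIndex(Function(p) SameRule(current, p))
            If idx < 0 Then Return False
            remaining.RemoveAt(idx) ' each parent rule may match only once
        Next
        Return True
    End Function
End Module
```

The comparison is strict, so a parent whose list carries the extra generic-rights entries mentioned above will not match and the folder gets listed. That errs toward reporting a folder rather than hiding one whose access differs.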
 