How to grant full permission to a file created by my application for ALL users?

c# .net permissions user-accounts winforms

The tool I develop needs to grant access rights "Full Control" to a file created by it. It needs to be read, modified and deleted from all windows accounts and even possible future accounts. Could this be achieved?

I know I can try this for a SPECIFIC_USER:

FileSystemAccessRule rule = new FileSystemAccessRule(SPECIFIC_USER, FileSystemRights.FullControl, AccessControlType.Allow);
FileSecurity fSecurity = File.GetAccessControl(filePath);
fSecurity.SetAccessRule(rule);
File.SetAccessControl(filePath, fSecurity);

But how do I grant it to all users? And even possible future accounts? If the latter part is not possible, how to go about the first requirement?

Thanks.

EDIT:

This is the code which worked for me. Taken from the answerer's link.

private void GrantAccess(string fullPath)
{
    DirectoryInfo dInfo = new DirectoryInfo(fullPath);
    DirectorySecurity dSecurity = dInfo.GetAccessControl();
    dSecurity.AddAccessRule(new FileSystemAccessRule(
        new SecurityIdentifier(WellKnownSidType.WorldSid, null), 
        FileSystemRights.FullControl,
        InheritanceFlags.ObjectInherit |
           InheritanceFlags.ContainerInherit,
        PropagationFlags.NoPropagateInherit,
        AccessControlType.Allow));

    dInfo.SetAccessControl(dSecurity);
}

Note the PropagationFlags.NoPropagateInherit which is required (mentioned towards the last in the link). It does grant privilege to even future accounts.


Solution 1:

Note to people using this.

When using literal strings for the FileSystemAccessRule, it should be WellKnownSidType.WorldSid instead of "everyone".

The reason is because there are multiple Window languages and Everyone only applies to EN ones, so for Spanish, it might be "Todos" (or something else).

using System.Security.AccessControl;
using System.Security.Principal;
using System.IO;

private void GrantAccess(string fullPath)
{
    DirectoryInfo dInfo = new DirectoryInfo(fullPath);
    DirectorySecurity dSecurity = dInfo.GetAccessControl();
    dSecurity.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInherit, AccessControlType.Allow));
    dInfo.SetAccessControl(dSecurity);
}

Solution 2:

You will need to give full control to "Everyone" group on the machine. Found this post on MSDN which talks about it.

Hope this works for you.

Related

sed delete lines not containing specific string
How would one handle a file upload with Meteor?
C++11: why does std::condition_variable use std::unique_lock?
Python 3 type hinting for None?
D3 Appending Text to a SVG Rectangle
Can sinon stub withArgs match some but not all arguments
How to declare a vector of zeros in R
Is it possible to use Socket.io with AWS Lambda?
How to Extract Year from DATE in POSTGRESQL
Get index of a row of a pandas dataframe as an integer
Jest gives an error: "SyntaxError: Unexpected token export"
Xcode 10.2 Failed to Run App on Simulator with iOS < 10