permission rules

2025-12-05 23:53:21 +00:00 · 2017-08-28 17:05:38 -04:00
parent 41d0b53898
commit 2fa1b52a36
1 changed files with 16 additions and 17 deletions
--- a/src/Service/Installer.cs
+++ b/src/Service/Installer.cs
@@ -47,27 +47,26 @@ namespace Service
            }

            var sec = info.GetAccessControl();
-
-            var adminRule = new FileSystemAccessRule(
-                new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null),
-                FileSystemRights.FullControl | FileSystemRights.Write | FileSystemRights.Read,
-                InheritanceFlags.None,
-                PropagationFlags.NoPropagateInherit,
-                AccessControlType.Allow);
-            sec.AddAccessRule(adminRule);
-
-            var usersRule = new FileSystemAccessRule(
-                new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null),
-                FileSystemRights.FullControl | FileSystemRights.Write | FileSystemRights.Read,
-                InheritanceFlags.None,
-                PropagationFlags.NoPropagateInherit,
-                AccessControlType.Allow);
-            sec.AddAccessRule(usersRule);
-
+            AddPermission(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null), sec);
+            AddPermission(new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null), sec);
+            AddPermission(new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null), sec);
+            AddPermission(new SecurityIdentifier(WellKnownSidType.CreatorOwnerSid, null), sec);
+            AddPermission(WindowsIdentity.GetCurrent().User, sec);
            sec.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);
            info.SetAccessControl(sec);
        }

+        private void AddPermission(IdentityReference sid, DirectorySecurity sec)
+        {
+            var rule = new FileSystemAccessRule(
+                sid,
+                FileSystemRights.FullControl | FileSystemRights.Write | FileSystemRights.Read,
+                InheritanceFlags.None,
+                PropagationFlags.NoPropagateInherit,
+                AccessControlType.Allow);
+            sec.AddAccessRule(rule);
+        }
+
        private void BeforeInstalled(object sender, InstallEventArgs e)
        {
            if(EventLog.SourceExists(_serviceInstaller.ServiceName))