EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How to allow only read permissions based on some condition

Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.
#6977
Posted: 07/17/2008 10:53:40
by Devesh Mittal (Basic support level)
Joined: 07/11/2008
Posts: 8

Hi,

I want to allow only read access to certain files based on some conditions.

I have tried following things and faced the problems.

1. Setting ProcessRequest = false in CbFltWriteFileC

Problem:: It doesn't work at all. Some time windows shows errors but file is always saved.

2. Removing write and modify access rules from file in CbFltPostOpenFileC and CbFltOpenFileN

Problem:: It works for some editors ( they are able to open file but not modify and save any thing) But for some editor ( for example Microsoft word ), it doesn't work. Ms word is able to save the changes.

Can you please suggest a proper apporach?

Thanks

Here is the code for removing write access rules:

FileSecurity sec = File.GetAccessControl(FileName);
WindowsIdentity self = System.Security.Principal.WindowsIdentity.GetCurrent();
FileSystemAccessRule rule1 = new FileSystemAccessRule(self.Name, FileSystemRights.WriteData, AccessControlType.Allow);
FileSystemAccessRule rule2 = new FileSystemAccessRule(self.Name, FileSystemRights.Write, AccessControlType.Allow);
FileSystemAccessRule rule3 = new FileSystemAccessRule(self.Name, FileSystemRights.Modify, AccessControlType.Allow);

sec.RemoveAccessRule(rule1);
sec.RemoveAccessRule(rule2);
sec.RemoveAccessRule(rule3);

File.SetAccessControl(FileName, sec);

#6996
Posted: 07/18/2008 14:48:01
by Vladimir Cherniga (EldoS Corp.)

If static rule "ReadOnly" don't satisfy your conditions add the next code to the PreOpenFile callback

Code
    if(DesiredAccess & FILE_WRITE_DATA) {
        
        *Accepted = FALSE;
    }
    else {
        *Accepted = TRUE;
    }

Reply

Statistics

Topic viewed 2692 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!