Login | Register   
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX


advertisement
 

Dealing with Windows File Security Permission Rules for Copying Remote Files

This article presents a programmatic solution to the problem based on adding permissions to the files.


advertisement

The inability to copy remote files downloaded using client FTP Windows Vista program was investigated after an Access Denied Exception was thrown during copying the remote files. A subsequent Web search revealed three Microsoft Knowledge Base articles that explained the cause of the problem and one of them gave a link to a Microsoft Hotfix. This article presents a programmatic solution based on adding permissions to the files.

Environment

There are three computers: A, B and C. Computers A and B run Windows Vista, and are members of the same domain AB (Figure 1).

Computer A

There are two domain accounts. One is a Standard User account. The other is an Administrator account. An X program, written in C#, may run in either account. This program performs two actions: executes the FTP client program on Computer B and copies files from a shared folder on Computer B to Computer A.

Computer B

There is only one Administrator domain account. A shared folder exists to be accessible for Computer A. A Y program, written in C#, uses the FTP client program packaged with Windows Vista to download files from Computer C on demand to the shared folder.

Computer C

There is an FTP Server that satisfies the requests coming from the communicated client on Computer B.




Figure 1. Connected Computers with shown Control and Data Flows

Task

The X program on Computer A is written to require that the Y program on Computer B download a specific file from Computer C to the shared folder. Then, the X program copies that file to Computer A.

Problem

When the X program ran in the Standard User account on Computer A, some files were copied from Computer B and some were not. For files that were not copied, the X program displayed a Message Box with "access denied" because of an exception caught during the copy operation.

Analysis

The following factors were considered during analysis:

  • Files in the shared folder can be there after being:
    • created manually in Windows Explorer by using right-click context menu
    • drag-dropped in Windows Explorer
    • copied by the xcopy built-in command
    • copied by the robocopy utility
    • created by any application
    • copied by any application
    • FTP downloaded automatically
    • FTP downloaded manually
  • Examples of the Permissions data visible on the Security tab in the Properties window for the shared folder and two files in this folder are shown below:
    • For the shared folder (Figure 2)


      Figure 2. Permissions for the shared folder

    • For a file that was created manually by using Windows Explorer (Figure 3)


      Figure 3. Permissions for a manually created file

    • For a file that was downloaded by the FTP client program packaged with Windows Vista (Figure 4)


      Figure 4. Permissions for an FTPed file

  • Copying of files was programmed in C# in the X program that runs on Computer A as follows:

     // within a try block of the try-catch statement.
    		 File.Copy("\\\\<IPv4-IP-Address>\\SharedFolder\\<fileName.txt>",
     			  "c :\\ <MyFolderName>\\<newName.txt>);
  • Copying failed on files that were downloaded using FTP when the X program was executed in the Standard User account.
  • Copying of files that were created\copied\moved on Computer B using Windows Explorer did not fail when the X program was executed in the Standard User account.
  • Copying of any files did not fail when the X program was executed in the Administrator account.

Symptoms of the Problem

As we can see from the above examples, files that were downloaded with FTP on Computer B do not have the permission that allows the X program on Computer A to copy them to that computer.

Web Search Findings

Conducting information search for resources on the Web and reviewing data revealed the following Microsoft articles:

The first two Microsoft articles describe inheritance of permissions for copied or moved files.

The third Microsoft article describes the same symptoms that are described in this article.

Cause of the Problem

It becomes clear from the three articles that the "access denied" was caused by the faulty implementation of the download function of the FTP.exe in Windows Vista.

Hotfix

The third article describes the steps of FTP downloading: the Ftp.exe creates a temporary file in the %temp% folder, and after its successful downloading, it inherits permissions of its parent folder without changing permissions before moving it to the destination folder on the same partition. There is a link to the Microsoft hotfix: http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=973510&kbln=en-us

Programmatic Solution

Another possible solution that is applicable is to programmatically add the needed Permission on the FTP downloaded files. A C# code example follows:

FileInfo fi = new FileInfo(fileNameVariable);
 FileSecurity fs = fi.GetAccessControl();
//Name of a user account and type of operation associated with access rules below are 
//used only as an example. 
       fs.AddAccessRule(new FileSystemAccessRule("Domain Users",
  FileSystemRights.FullControl,
  AccessControlType.Allow));
       fi.SetAccessControl(fs); 

An example of the Permissions for an FTPed file after execution of the above code is shown on Figure 5.


Figure 5. Modified Permissions for an FTPed file

Conclusions

Executing the presented code changes permissions on the FTP downloaded files on Computer B will allow the X program on Computer A to copy the files to that computer. You can adapt this code example by selecting suitable for your company policy arguments to create your own programmatic solution.

Acknowledgements

My special thanks to my colleagues who supported me with their advice while they were waiting for this solution to be successfully applied. I own my deep gratefulness to Kevin Michaels without whom this task could not have been accomplished. I also thank Debie Urycki for proof reading and suggestions on corrections.

About the Author

Boris Eligulashvili was a Systems Software Architect at ViewRay, Inc. a medical device company developing advanced radiation therapy technology for the treatment of cancer at time of writing this paper. In his career, he has implemented many innovative software solutions for various software development projects.



   
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap