I am trying to read full directories independent of the current file-permissions. But even though I do have "SeBackupPrivilege", the following code leads to an "UnauthorizedAccessException". How can this be?
//Create the test-directory.
string testPath = Path.Combine(Environment.CurrentDirectory, "TestDenied");
string filePath = Path.Combine(testPath, "Foo.txt");
Directory.CreateDirectory(testPath);
using (var fs = File.CreateText(filePath)) {
fs.WriteLine("Foo");
}
var ds = Directory.GetAccessControl(testPath, Utils.AccessControlSectionsToRead);
ds.SetOwner(WindowsIdentity.GetCurrent().User);
ds.AddAccessRule((FileSystemAccessRule)ds.AccessRuleFactory(
WindowsIdentity.GetCurrent().User,
(int)FileSystemRights.FullControl,
false,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Deny)
);
Directory.SetAccessControl(testPath, ds);
//Get the backup-privilege
WinAPI.ModifyPrivilege(PrivilegeName.SeBackupPrivilege, true);
//Checked the privilege on the command line here: The process has it.
//Try to access the forbidden file.
using (var fs = File.OpenRead(filePath)) {
//UnauthorizedAccessException from the line above.
}
How can this happen? I thought, that SeBackupPrivilege gets me access to all files?
What Harry is referring to is what CreateFile refers to as
FILE_FLAG_BACKUP_SEMANTICS. At last check, none of the .Net classes expose this flag (probably because using it is so uncommon).However, for those with a need, there's always PInvoke.