Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CreateDirectory uses custom security descriptor for parents #77482

Open
iSazonov opened this issue Oct 26, 2022 · 3 comments
Open

CreateDirectory uses custom security descriptor for parents #77482

iSazonov opened this issue Oct 26, 2022 · 3 comments
Labels
area-System.IO
Milestone
Future

Comments

@iSazonov
Copy link
Contributor

iSazonov commented Oct 26, 2022
edited
Loading

Currently Unix code was changed to create parent directories with DefaultUnixCreateDirectoryMode but Windows code continue to inherit .Net Framework behavior and assign custom security descriptor if presents.

On Windows we usually prefer to inherit permissions and set custom ones only on leaf folder or file. I'd expect the CreateDirectory should follow this too.

Related to #61954
@ghost ghost added the untriaged New issue has not been triaged by the area owner label Oct 26, 2022
@ghost
Copy link

ghost commented Oct 26, 2022

Tagging subscribers to this area: @dotnet/area-system-io
See info in area-owners.md if you want to be subscribed.

Issue Details

Currently Unix code was changed to create parent directories with DefaultUnixCreateDirectoryMode but Windows code continue to inherit .Net Framework behavior and assign custom security descriptor if presents.

On Windows we usually prefer to inherit permissions and set custom ones only on leaf folder or file. I'd expect the CreateDirectory should follow this too.

Author: iSazonov
Assignees: -
Labels:

area-System.IO
Milestone: -

@jozkee
Copy link
Member

jozkee commented Dec 22, 2022

Windows code continue to inherit .Net Framework behavior and assign custom security descriptor if presents.

What do you mean by "assign custom security descriptor"? All callsites of FileSystem.CreateDirectory do not provide a security descriptor at all, so it is always null. Is the Windows API the one implicitly inheriting the permissions?

We usually need a good reason to change defaults that are in place since .NET Framework. Can you provide a use case of why this is important? The only reason I see now is to align Windows' CreateDirectory with Unix but at the expense of breaking a legacy default that may impact customers migrating from old fw to modern .NET.

@jozkee jozkee added this to the Future milestone Dec 22, 2022
@ghost ghost removed the untriaged New issue has not been triaged by the area owner label Dec 22, 2022
@iSazonov
Copy link
Contributor Author

What do you mean by "assign custom security descriptor"?

I say about creating parent folders if they are not exist. Right behavior is to inherit security descriptor for them and set custom security descriptor only for most level folder as we do on Unix now.
If we create c:\exist\noexist1\noexist2\work the noexist1 must inherits security descriptor from c:\exists, then the noexist2 from noexist2 and then we should assign custom security descriptor for work` folder.

If the change is a breaking change why was the change approved for Unix? This kills portability - now we have to write different code for different platform to get the same behavior.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-System.IO
Projects
None yet
Milestone
Future
Development

No branches or pull requests
2 participants
@jozkee @iSazonov