采用C#代码动态设置文件权限

 public FileSystemAccessRule(
   IdentityReference identity,FileSystemRights fileSystemRights,AccessControlType type )
   : this(
    identity,AccessMaskFromRights( fileSystemRights,type ),false,InheritanceFlags.None,PropagationFlags.None,type )
  {
  }
  public FileSystemAccessRule(
   String identity,AccessControlType type )
   : this(
    new NTAccount(identity),type )
  {
  }
  //
  // Constructor for creating access rules for folder objects
  //
  public FileSystemAccessRule(
   IdentityReference identity,InheritanceFlags inheritanceFlags,PropagationFlags propagationFlags,inheritanceFlags,propagationFlags,type )
  {
  }
  internal FileSystemAccessRule(
   IdentityReference identity,int accessMask,bool isInherited,AccessControlType type )
   : base(
    identity,accessMask,isInherited,type )
  {
  }
  #endregion
  #region Public properties
  public FileSystemRights FileSystemRights
  {
   get { return RightsFromAccessMask( base.AccessMask ); }
  }
  internal static int AccessMaskFromRights( FileSystemRights fileSystemRights,AccessControlType controlType )
  {
   if (fileSystemRights < (FileSystemRights) 0 || fileSystemRights > FileSystemRights.FullControl)
    throw new ArgumentOutOfRangeException("fileSystemRights",Environment.GetResourceString("Argument_InvalidEnumValue",fileSystemRights,"FileSystemRights"));
   Contract.EndContractBlock();

   if (controlType == AccessControlType.Allow) {
    fileSystemRights |= FileSystemRights.Synchronize;
   }
   else if (controlType == AccessControlType.Deny) {
    if (fileSystemRights != FileSystemRights.FullControl &&
     fileSystemRights != (FileSystemRights.FullControl & ~FileSystemRights.DeleteSubdirectoriesAndFiles))
     fileSystemRights &= ~FileSystemRights.Synchronize;
   }
   return ( int )fileSystemRights;
  }
  internal static FileSystemRights RightsFromAccessMask( int accessMask )
  {
   return ( FileSystemRights )accessMask;
  }
 }

/// <summary>
 /// 表示用户的标识、访问掩码和访问控制类型（允许或拒绝）的组合。<see cref="T:System.Security.AccessControl.AccessRule"/> 对象还包含有关子对象如何继承规则以及如何传播继承的信息。
 /// </summary>
 public abstract class AccessRule : AuthorizationRule
 {
 /// <summary>
 /// 使用指定的值初始化 <see cref="T:System.Security.AccessControl.AccessRule"/> 类的一个新实例。
 /// </summary>
 /// <param name="identity">应用访问规则的标识。此参数必须是可以强制转换为 <see cref="T:System.Security.Principal.SecurityIdentifier"/> 的对象。</param><param name="accessMask">此规则的访问掩码。访问掩码是一个 32 位的匿名位集合，其含义是由每个集成器定义的。</param><param name="isInherited">如果此规则继承自父容器，则为 true。</param><param name="inheritanceFlags">访问规则的继承属性。</param><param name="propagationFlags">继承的访问规则是否自动传播。如果 <paramref name="inheritanceFlags"/> 设置为 <see cref="F:System.Security.AccessControl.InheritanceFlags.None"/>，则将忽略传播标志。</param><param name="type">有效的访问控制类型。</param><exception cref="T:System.ArgumentException"><paramref name="identity"/> 参数的值不能强制转换为 <see cref="T:System.Security.Principal.SecurityIdentifier"/>，或者 <paramref name="type"/> 参数包含无效值。</exception><exception cref="T:System.ArgumentOutOfRangeException"><paramref name="accessMask"/> 参数的值为零，或者 <paramref name="inheritanceFlags"/> 或 <paramref name="propagationFlags"/> 参数包含无法识别的标志值。</exception>
 protected AccessRule(IdentityReference identity,AccessControlType type);
 /// <summary>
 /// 获取与此 <see cref="T:System.Security.AccessControl.AccessRule"/> 对象关联的 <see cref="T:System.Security.AccessControl.AccessControlType"/> 对象。
 /// </summary>
 /// 
 /// <returns>
 /// 与此 <see cref="T:System.Security.AccessControl.AccessRule"/> 对象关联的 <see cref="T:System.Security.AccessControl.AccessControlType"/> 对象。
 /// </returns>
 public AccessControlType AccessControlType { get; }
 }

 /// <summary>
  /// 获取目录权限列表
  /// </summary>
  /// <param name="path">目录的路径。</param>
  /// <returns>指示目录的权限列表</returns>
  public IList<FileSystemRights> GetDirectoryPermission(string path)
  {
   try
   {
    if (!DirectoryExists(path))
     return null;
    IList<FileSystemRights> result = new List<FileSystemRights>();
    var dSecurity = Directory.GetAccessControl(new DirectoryInfo(path).FullName);
    foreach (FileSystemAccessRule rule in dSecurity.GetAccessRules(true,true,typeof(NTAccount)))
     result.Add(rule.FileSystemRights);
    return result;
   }
   catch (Exception e)
   {
    throw new Exception(e.Message,e);
   }
  }

 /// <summary>
  ///设置目录权限
  /// </summary>
  /// <param name="path">目录的路径。</param>
  /// <param name="permission">在目录上设置的权限。</param>
  /// <returns>指示是否在目录上应用权限的值。</returns>
  public bool SetDirectoryPermission(string path,FileSystemRights permission)
  {
   try
   {
    if (!DirectoryExists(path))
     return false;
    var accessRule = new FileSystemAccessRule("Users",permission,PropagationFlags.NoPropagateInherit,AccessControlType.Allow);

    var info = new DirectoryInfo(path);
    var security = info.GetAccessControl(AccessControlSections.Access);
    bool result;
    security.ModifyAccessRule(AccessControlModification.Set,accessRule,out result);
    if (!result)
     return false;
    const InheritanceFlags iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
    accessRule = new FileSystemAccessRule("Users",iFlags,PropagationFlags.InheritOnly,AccessControlType.Allow);

    security.ModifyAccessRule(AccessControlModification.Add,out result);
    if (!result)
     return false;
    info.SetAccessControl(security);
    return true;
   }
   catch (Exception e)
   {
    throw new Exception(e.Message,e);
   }
  }

 /// <summary>
  /// 设置目录权限列表
  /// </summary>
  /// <param name="path">目录的路径。</param>
  /// <param name="permissions">在目录上设置的权限。</param>
  /// <returns>指示是否在目录上应用权限的值。</returns>
  public bool SetDirectoryPermissions(string path,FileSystemRights[] permissions)
  {
   try
   {
    if (!DirectoryExists(path) || permissions == null || !permissions.Any())
     return false;
    foreach (var permission in permissions)
     if (!SetDirectoryPermission(path,permission))
      return false;
     return true;
   }
   catch (Exception e)
   {
    throw new Exception(e.Message,e);
   }
  }