.NET
File Permissions
Directory Access
Write Permissions
C# Programming

Checking for directory and file write permissions in .NET

Master System Design with Codemia

Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.

Introduction

In .NET, the most reliable way to know whether you can write to a file or directory is to try the write and handle the exception. Reading ACLs looks attractive, but it is often not enough because real write ability depends on more than one rule, including inheritance, group membership, sharing state, file attributes, and the exact operation being performed.

Why ACL Inspection Alone Is Weak

You can read filesystem access rules in .NET, but that only tells part of the story. A path may look writable according to a simple ACL check and still fail because:

  • the file is read-only
  • another process has it locked
  • the directory does not exist
  • the process token is different from what you assumed
  • inherited deny rules or effective permissions change the result

That is why "check first, then write" is also vulnerable to time-of-check versus time-of-use problems. Permissions can change between the check and the actual write.

The Practical Rule: Attempt the Write

For a directory, the safest test is to create and delete a temporary file inside it.

csharp
1using System;
2using System.IO;
3
4class Program
5{
6    static bool CanWriteToDirectory(string directoryPath)
7    {
8        try
9        {
10            string tempFile = Path.Combine(directoryPath, Path.GetRandomFileName());
11            using (FileStream fs = File.Create(tempFile, 1, FileOptions.DeleteOnClose))
12            {
13            }
14            return true;
15        }
16        catch (UnauthorizedAccessException)
17        {
18            return false;
19        }
20        catch (IOException)
21        {
22            return false;
23        }
24    }
25
26    static void Main()
27    {
28        Console.WriteLine(CanWriteToDirectory(@"C:\Temp"));
29    }
30}

This is not merely a permission check. It tests the real operation your program cares about: creating a file there.

Testing a Specific File

If you want to know whether an existing file can be opened for writing, try opening it with write access.

csharp
1using System;
2using System.IO;
3
4class Program
5{
6    static bool CanWriteToFile(string filePath)
7    {
8        try
9        {
10            using FileStream stream = new FileStream(
11                filePath,
12                FileMode.Open,
13                FileAccess.Write,
14                FileShare.None);
15            return true;
16        }
17        catch (UnauthorizedAccessException)
18        {
19            return false;
20        }
21        catch (IOException)
22        {
23            return false;
24        }
25    }
26
27    static void Main()
28    {
29        Console.WriteLine(CanWriteToFile(@"C:\Temp\example.txt"));
30    }
31}

This catches both missing write rights and file-locking problems, which are equally relevant when your application actually needs to write.

When ACL Inspection Is Still Useful

ACL inspection is useful for diagnostics, admin tools, or reporting. It is just not the best final answer to the question "can I write right now?"

If you do need to inspect access rules, use it as supplemental information. For example, it can help explain why a write failed or display likely rights in an admin UI. It should not replace the real write attempt in application logic.

Different Write Scenarios Need Different Tests

"Write access" is not one universal action. The exact operation matters:

  • creating a new file in a directory
  • appending to an existing file
  • overwriting an existing file
  • modifying file metadata

A directory might allow file creation but not deletion. A file might be writable for append but blocked for exclusive access. That is another reason a real operation-specific test is better than a generic permission guess.

Common Pitfalls

The most common mistake is trying to compute effective write permission only from ACL entries and assuming the result is definitive.

Another mistake is performing a permission check and then assuming the later write will still succeed. The filesystem state can change between those steps.

A third pitfall is treating UnauthorizedAccessException as the only failure mode when IOException can also block a write because of locks, missing paths, or other I/O conditions.

Summary

  • In .NET, the most reliable write-permission test is to attempt the actual write operation.
  • For directories, create and delete a temporary file.
  • For files, try opening the file with write access.
  • ACL inspection is useful for diagnostics, but not as the final authority for real write capability.
  • Match the test to the exact write action your application needs to perform.

Course illustration
Course illustration

All Rights Reserved.