[python-win32] Re: Changing Windows NT File Permissions

Justin Johnson justinjohnson at gmail.com
Mon Jul 19 19:41:04 CEST 2004 

Does the following code look right for getting permissions on an
existing file and then adding users to the permissions list?  It seems
to be working for me on some files, but on another it completed
successfully and then when I tried to view permissions on the file
using the windows explorer I got a popup that said:

The permissions on file.ini are incorrectly ordered, which may cause
some entries to be ineffective.  Press OK to continue and sort the
permissions correctly, or Cancel to reset the permissions.

Should I be using something other than
DACL_SECURITY_INFORMATION for the info passed to GetFileSecurity?

def giveUsersFullControlOfFile(userIds, file):
   info = win32security.DACL_SECURITY_INFORMATION
   sd = win32security.GetFileSecurity(file, info)
   acl = sd.GetSecurityDescriptorDacl()

   for userId in userIds:
       sidUser = win32security.LookupAccountName(None,userId)[0]
       sidCreator = pywintypes.SID()
       sidCreator.Initialize(ntsecuritycon.SECURITY_CREATOR_SID_AUTHORITY,1)
       sidCreator.SetSubAuthority(0, ntsecuritycon.SECURITY_CREATOR_OWNER_RID)
       acl.AddAccessAllowedAce(win32file.FILE_ALL_ACCESS, sidUser)
       acl.AddAccessAllowedAce(win32file.FILE_ALL_ACCESS, sidCreator)

   sd.SetSecurityDescriptorDacl(1, acl, 0)
   win32security.SetFileSecurity(file, info, sd)


----- Original Message -----
From: Roger Upole <rwupole at msn.com>
Date: Fri, 16 Jul 2004 18:56:58 -0400
Subject: [python-win32] Re: Changing Windows NT File Permissions
To: python-win32 at python.org









The value you need is 
win32security.DACL_SECURITY_INFORMATION.

Other possible values are 
SACL_SECURITY_INFORMATION, OWNER_SECURITY_INFORMATION,

or GROUP_SECURITY_INFORMATION. (can also be a 
bitwise or combination of any of them)

It threw an error when you passed it 1 
because 1 is OWNER_SECURITY_INFORMATION, and you

passed it a security descriptor without an owner 
set.  And 0 doesn't specify that *any* info should be 
set.

 

        
Roger

More information about the Python-win32 mailing list