[python-win32] Re: Changing Windows NT File Permissions
Roger Upole
rwupole at msn.com
Tue Jul 20 05:07:40 CEST 2004
This appears to be a problem with ACL's that contain auto-inherited ACE's.
Right now the function is only ordering ACEs so that access-denied ACEs
are first (previously the only requirement). Now ACLs require that inherited
ACEs come last regardless of type. I'll try to get a fix in for this.
Roger
>>> Does the following code look right for getting permissions on an
>>> existing file and then adding users to the permissions list? It seems
>>> to be working for me on some files, but on another it completed
>>> successfully and then when I tried to view permissions on the file
>>> using the windows explorer I got a popup that said:
>>> The permissions on file.ini are incorrectly ordered, which may cause
>>> some entries to be ineffective. Press OK to continue and sort the
>>> permissions correctly, or Cancel to reset the permissions.
>>> Should I be using something other than
>>> DACL_SECURITY_INFORMATION for the info passed to GetFileSecurity?
>>> def giveUsersFullControlOfFile(userIds, file):
>>> info = win32security.DACL_SECURITY_INFORMATION
>>> sd = win32security.GetFileSecurity(file, info)
>>> acl = sd.GetSecurityDescriptorDacl()
>>> for userId in userIds:
>>> sidUser = win32security.LookupAccountName(None,userId)[0]
>>> sidCreator = pywintypes.SID()
>>> sidCreator.Initialize(ntsecuritycon.SECURITY_CREATOR_SID_AUTHORITY,1)
>>> sidCreator.SetSubAuthority(0, ntsecuritycon.SECURITY_CREATOR_OWNER_RID)
>>> acl.AddAccessAllowedAce(win32file.FILE_ALL_ACCESS, sidUser)
>>> acl.AddAccessAllowedAce(win32file.FILE_ALL_ACCESS, sidCreator)
>>>
>>> sd.SetSecurityDescriptorDacl(1, acl, 0)
>>> win32security.SetFileSecurity(file, info, sd)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/python-win32/attachments/20040719/529fe073/attachment.html
More information about the Python-win32
mailing list