win32security, client privleges

Mark Hammond mhammond at skippinet.com.au
Tue Feb 8 23:38:30 CET 2000


If you look up the MS docs for GetFileSecurity() you will notice the
following:

"""To read the system access-control list (SACL) of a file or
directory, the SE_SECURITY_NAME privilege must be enabled for the
calling process."""

Note that privileges are different than permissions.  So, you can use
the function below to enable the privilege for your session - just
pass ntsecuritycon.SE_SECURITY_NAME to this function...

[Taken from the book, which discusses this briefly...]

Mark.

import win32security
import win32api
import sys
import time
from ntsecuritycon import *

def AdjustPrivilege(priv, enable = 1):
    # Get the process token.
    flags = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
    htoken =
win32security.OpenProcessToken(win32api.GetCurrentProcess(), flags)
    # Get the ID for the system shutdown privilege.
    id = win32security.LookupPrivilegeValue(None, priv)
    # Now obtain the privilege for this process.
    # Create a list of the privileges to be added.
    if enable:
        newPrivileges = [(id, SE_PRIVILEGE_ENABLED)]
    else:
        newPrivileges = [(id, 0)]
    # and make the adjustment.
    win32security.AdjustTokenPrivileges(htoken, 0, newPrivileges)


<daryl_stultz at my-deja.com> wrote in message
news:87pu3o$23i$1 at nnrp1.deja.com...
> Hello, I'm on a Windows NT machine on a managed network. I would
like
> to write an app to manage file security (access rights...) It seems
that
> win32security is just what I need. However, when I run the
following:
>
> import win32security
> win32security.GetFileSecurity("SomeFile")
>
> I get the following error:
>
> api_error: (1314, 'GetFileSecurity', ' A required privilege is not
held
> by the client.')
>
> I have "administrator" status on the network. For kicks, I had the
> domain admin log in to my machine and I got the same error. So it
> appears as though client refers to something other than my User
account.
>
> How do I make this work? Also, is there some decent documentation on
how
> to use the various win32 modules (or is it all in some MS
> documentation?) Thanks.
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.





More information about the Python-list mailing list