Reading the access attributes of directories in Windows
nobody at nowhere.com
Sun Aug 22 06:27:32 CEST 2010
On Fri, 20 Aug 2010 19:41:44 +0200, Thomas Jollans wrote:

>> "Create Folders" and "Delete Subfolders and Files" correspond to having
>> write permission on a directory.

> How does append differ from write? If you have appending permissions, but not
> writing ones, is it impossible to seek? Or is there a more complex "block"
> that bites you when you seek to before the old end of file and try writing

If you have append permission, you can open a file in append mode. AFAICT,
this behaves the same as O_APPEND on Unix, i.e. all writes are
automatically appended to the file, regardless of the current offset.

Having this as a separate permission allows normal users to add entries to
log files but not to erase existing entries.

> Makes me wonder whether SELinux makes changes in this area, and if so,
> how far-reaching they are.

SELinux adds finer-grained permissions (e.g. append is distinct from
write), but also adds role-based checks, i.e. permissions are attached to
individual programs, which limits the extent to which a bug or misfeature
can be exploited.

>> 3. The owner can be either a user or a group.

> What about both?

A file/directory only has one owner.

>> 4. On Windows, a file cannot be "given away" either by its owner or an
>> administrator. You can grant the "Take Ownership" permission, but
>> the recipient still has to explicitly change the ownership.

> Really? So the operating system actually places restrictions on what the
> administrator can do?

Yes, although doubtless such constraints can be circumvented (if you can
install software, you can use the account of anyone who uses the software).

> Or is there a fine distinction here between administrator-accounts in general
> and the NT "Administrator" account that at least some versions of Windows (XP
> Home Edition springs to mind) appear to try to hide as best they can?

I don't think that the "Administrator" account is special. AFAICT, any
member of the Administrators group has the same privileges.