[python-win32] Re: Using win32file.CreateDirectory including setting
Roger Upole
rwupole at msn.com
Sat Jan 29 05:01:45 CET 2005
Note the flags in the ACE when you set the permissions manually.
The difference is not in the access mask, but in the flags.
AddAccessAllowedAce doesn't provide for inheritance flags.
You need to use AddAccessAllowedAceEx in order to be able
to duplicate these permissions exactly.
acl2.AddAccessAllowedAceEx(win32security.ACL_REVISION_DS,
win32security.OBJECT_INHERIT_ACE|win32security.CONTAINER_INHERIT_ACE,
win32file.FILE_ALL_ACCESS, sid)
Better late than never ;)
Roger
Alex Willmer wrote:
>
> win32file.CreateDirectory(r'c:\test42',sa)
>
> My problem is that I need users to have 'Full Control' of the directory,
> as reported by the properties dialog of the directory. The
> win32file.FILE_ALL_ACCESS doesn't achieve this, it reports the directory
> as having 'Special Access', with none of the checkboxes in the advanced
> page ticked.
>
> What is the correct constant to pass to acl.AddAccessAllowedAce?
>
OK, a little more playing reveals the following. C:\test43 was created
manually and my account given full permission
>>> import win32file, win32security, ntsecuritycon
>>> sd =
win32security.GetFileSecurity(r'c:\test42',win32security.DACL_SECURITY_INFORMATION)
>>> acl = sd.GetSecurityDescriptorDacl()
>>> acl.GetAceCount()
1
>>> acl.GetAce(0)
((0, 3), 2032127, <PySID object at 0x01112968>)
>>> def bin(x): return ''.join([('0','1')[(x >> i) & 0x01] for i in
range(31,-1,-1)])
...
>>> bin(acl.GetAce(0)[1])
'00000000000111110000000111111111'
>>>
This all seems good so far, however:
>>> sid = win32security.LookupAccountName('','alex')[0]
>>> sa = win32security.SECURITY_ATTRIBUTES()
>>> acl2 = win32security.ACL(128)
>>> acl2.AddAccessAllowedAce(x, sid)
>>> sa.SetSecurityDescriptorDacl(1,acl2,0)
>>> win32file.CreateDirectory(r'c:\test44',sa)
>>> win32file.FILE_ALL_ACCESS
2032127
>>> win32file.FILE_ALL_ACCESS==x
1
More information about the Python-win32
mailing list