[python-win32] Folder Permissions - Inherit problem

Feiock, Dennis DFeiock at ameripath.com
Tue Mar 28 14:20:50 CEST 2006 

> Dennis Feiock wrote:
 
>> Hi all,
>> 
>> I have been trying to write a script to backup/restore NTFS
permissions.
>> I have come across one problem.
>> 
>> How can I set a folder to inherit its permissions?  I am able to
detect
>> if a folder has inherited permissions by:
>> 
>> 16 & ACE_FLAGS == 16
>> 
>> When I am stepping through them and exporting to an XML file.
>> 
>> I found this message:
>> 
>> http://mail.python.org/pipermail/python-win32/2004-July/002112.html
>> 
>> Which states that ACEs have to be in a certain order (inherited ACEs
>> last).
 
> ACEs are automatically reordered when they're added.
 
Thanks for the info!  That makes things a lot easier.
 
>> I am able to use the win32security.SetFileSecurity function correctly
to
>> set permissions.  It's just that when I go to view the inheritance on
>> the folder, the checkbox is always unchecked.
 
 
> When building the ACL yourself,  you'll need to use
> AddAccessAllowedAceEx and AddAccessDeniedAceEx
> to be able to specify the inheritance flags.
> Also, see this thread:
>
http://mail.python.org/pipermail/python-win32/2006-February/004210.html
> for a discussion on storing permissions for later restoral.

 

Thanks for this link as well.  That will make things much easier.  So
far, I have been exporting out the owner and each ACE to an xml file to
verify/reconstruct in the future.

 

When I tested using AddAccessAllowedAceEx on a folder, I noticed that
the existing subfolders that have inheritance enabled do not
automatically take on the added permission.  When creating a new folder,
it added the ACE as it should.  Any suggestions?  Here is the code I
used (note: I couldn't find information on the SetDacl options, so that
might be it):

 

>>> import win32security

>>> matt = win32security.LookupAccountName(None,'mbailey')[0]

>>> matt

<PySID object at 0x009A5788>

>>> fullpath = r'K:\Python\ACL Report\testfolder1'

>>> fullpath

'K:\\Python\\ACL Report\\testfolder1'

>>> sd1 = win32security.GetFileSecurity(fullpath,
win32security.DACL_SECURITY_IN

FORMATION)

>>> sd1

<PySECURITY_DESCRIPTOR object at 0x009A4AD8>

>>> dacl1 = sd1.GetSecurityDescriptorDacl()

>>> dacl1

<PyACL object at 0x009C0678>

>>> dacl1.GetAceCount()

7

>>> dacl1.AddAccessAllowedAceEx(win32security.ACL_REVISION_DS,
win32security.CON

TAINER_INHERIT_ACE|win32security.OBJECT_INHERIT_ACE,2032127,matt)

>>> dacl1.GetAceCount()

8

>>> sd1.SetDacl(1,dacl1,0)

>>> sd1

<PySECURITY_DESCRIPTOR object at 0x009A4AD8>

>>>
win32security.SetFileSecurity(fullpath,win32security.DACL_SECURITY_INFOR
MATI

ON,sd1)

>>> 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/python-win32/attachments/20060328/80de7f72/attachment.htm

More information about the Python-win32 mailing list