[python-win32] win32security.LogonUser
Tim Golden
mail at timgolden.me.uk
Thu Jul 24 11:50:13 CEST 2008
_ _ wrote:
> 1) D: is a local drive
> 2) "testUser" actually have security access. If I execute Notepad as
> "testUser", I can create this file in this folder.
> 3) I check that the folder exists.
Well, can you do some other tests such as:
+ Use os.access or os.exists to determine whether the
new user can see *anything* on the D: drive
+ Can the new user "read" an existing file from that
directory?
+ Can the new user write files in any *other* folder?
+ Can a *different* impersonated user create files?
This isn't a general problem: I can impersonate another
user and write a file to an arbitrary point on my
filesystem. You're going to have to narrow it down
to something which is particular about this case.
TJG
More information about the python-win32
mailing list