[python-win32] Backup up Windows ACLs

[Tim Golden]

On 18/03/2011 9:34 PM, Tim Golden wrote:
> On 18/03/2011 9:28 PM, Randy Syring wrote:
>> The issue I am running into is that I am not sure how to copy files from
>> windows to the Linux and preserve ACLs.
>
> I assume that you only want to preserve them as metadata, not
> to map them somehow to whatever security model obtains on the
> Linux disk?
>
> The only kind of thing I can come up with (hand-wavingly) is to
> convert the SD of each file to its equivalent SDDL and then to
> track that along with the file. I was going to suggest stuffing
> it in an ADS but presumably that wouldn't survive the journey
> to Linux either. No doubt you could contrive some kind of
> parallel metadata/database which could hold the info...

... or even (slightly wild-eyed thought) including the SDDL as
a segment in the backed-up filename, suitably escaped. Semi-tested
proof of concept:

<code>
import os, sys
import win32security
import win32file

if not os.path.exists ("c:/temp/sddl"):
   os.mkdir ("c:/temp/sddl")

for dirpath, dirnames, filenames in os.walk ("c:/temp"):
   for filename in filenames:
     print filename
     sd = win32security.GetFileSecurity (
       os.path.join (dirpath, filename),
       win32security.DACL_SECURITY_INFORMATION
     )
     sddl = win32security.ConvertSecurityDescriptorToStringSecurityDescriptor (
       sd,
       win32security.SDDL_REVISION_1,
       win32security.DACL_SECURITY_INFORMATION
     )
     print sddl
     base, ext = os.path.splitext (filename)
     win32file.CopyFile (
       os.path.join (dirpath, filename),
       os.path.join ("c:/temp/sddl", base + "." + sddl.replace (":", "#") + ext),
       1
     )

   break

</code>

TJG