[python-win32] Getting Remote Share User Group Names and Permissions
Tim Golden
mail at timgolden.me.uk
Mon Feb 20 12:53:46 CET 2012
On 18/02/2012 23:22, Rod Person wrote:
> On Fri, 17 Feb 2012 20:20:09 +0000
> Tim Golden<mail at timgolden.me.uk> wrote:
>> On 17/02/2012 18:26, Rod Person wrote:
>>>
>>> import win32security as win32s
>>>
>>> sd =
>>> win32s.GetFileSecurity(sh,win32security.GROUP_SECURITY_INFORMATION)
>>
>> Assuming that "sh" here is the name of of the share
>> (eg \\server\share1) then be aware that the result
>> of GetFileSecurity is the security on the underlying
>> folder, not the security of the share itself.
>
> Thanks for the reply, Tim. Would have replied earlier but somehow this
> ended up as spam.
>
> You are correct here, sh is the share. I making a leap - for our
> organization - that the share and folder have the same permissions.
> There have been cases where the permission were different. Some of
> these shares have existed since NT 3.1 and just migrated with permission
> since that time.
>
>> Now, share-level security is, I think, relatively unusual
>> and you might well want to know the file security as well,
>> but they're not the same thing. (Just in case).
>>
>> Another caveat: you almost certainly don't want the group security
>> from that share, either. That's a pretty much defunct relic of
>> the Windows Posix layer which would mimic the Unix security
>> model by giving every file a group and an owner. The owner
>> is still used sometimes. The group, probably never.
>>
>> Have a look at this:
>>
>> http://timgolden.me.uk/python/win32_how_do_i/add-security-to-a-file.html
>
> This what I used to get as far as I have :)
>
> But, I think the mistake I making is using the share as you point out.
> I should be using the actual folder name, in which case I'd need to
> be making a connection to the serve with wmi. Is that what your saying
> to me?
Let's see. I think where we're at is this: you have a number of shares
on server1 (sharea, shareb) which you wish to set up on server2 so
that, in effect, the same users can access them in the same way. (And,
if you DNS-rename the servers around each other, without realising that
anything's changed).
Although WMI can help you in doing this, it's a bit of a clumsy tool
unless you have no other way of getting there. In particular, if you're
in an AD setup (or in an NT domain) and have suitably administrative
privs, you should be able to use either AD or the Win32 API NetShare*
functions (which are exposed via the win32net module in pywin32).
I'm not sure if you can simply disregard the share permissions -- which
would certainly be the most common approach -- or whether you want
them, but are happy for them to match the NTFS permissions for the
underlying path. The former is certainly easier; the latter is certainly
possible.
Ok; let's keep things simple. Assuming suitable admin privs across
all relevant machines, this code will read the shares from one
machine and recreate them on another assuming that the corresponding
paths are already in place:
<code>
import win32net
def shares (system):
share_infos, total, hResume = win32net.NetShareEnum (system, 2, 0)
for share_info in share_infos:
if share_info['type'] == 0:
yield share_info
while hResume > 0:
share_infos, total, hResume = win32net.NetShareEnum (
system, 2, hResume
)
for share_info in share_infos:
if share_info['type'] == 0:
yield share_info
def create_share (system, share_info):
win32net.NetShareAdd (system, 2, share_info)
for share_info in shares ("server1"):
create_share ("server2", share_info)
</code>
Could you see how far that takes you towards your goal? I'm
not clear whether you need help specifying the perms on
the underlying paths, since that would normally be done by
some kind of backup-restore toolset. But if you need something
I can certainly advise.
TJG
More information about the python-win32
mailing list