[python-win32] Issue with taking ownership
Joseph L. Casale
jcasale at activenetwerx.com
Tue Jan 21 16:36:31 CET 2014
I have a scenario where I have a directory owned by localhost\Administrators with
that group and SYSTEM set to full control without inheritance propagated.
Under this, I have a folder owned by another account with only that account granted
full control.
If I elevate my token and run:
win32security.SetNamedSecurityInfo(
path,
win32security.SE_FILE_OBJECT,
win32security.OWNER_SECURITY_INFORMATION,
owner.sid,
None,
None,
None
)
from the account that has full control (and originally owned it), I can view the new owner.
This however doesn't allow the context that changed the owner to then access the dacl
and add an ace? That context still cannot view the directory permissions which doesn't jive
with the behavior of takeown.exe for example, after assuming ownership with that binary,
the alternate context can view the permissions and see the original owner is the only entry
in the ACL with full control (as it was)?
What has takeown.exe done differently that the above Python code hasn't? The approach
and context has been consistent, so it seems I have missed a step with Python that left the
directory inconsistent as compared to the state left by takeown.exe.
Thanks,
jlc
More information about the python-win32
mailing list