Changing directory ACLs 
Author Message
 Changing directory ACLs

Hello, I have been using python to do administrative tasks on my NT PDC.

Is there a Win32 module that I can use to set directory privileges, that

has the functionality of cacls.exe using python? I am currently using
cacls to set the privileges by doing a os.system command in my script.
Thanks for the help in advance!

Mike Warfe



Sat, 07 Dec 2002 03:00:00 GMT  
 Changing directory ACLs
Check the win32security module.  I've never used it, but it appears to
have what you're looking for.

Quote:

>Hello, I have been using Python to do administrative tasks on my NT PDC.

>Is there a Win32 module that I can use to set directory privileges, that

>has the functionality of cacls.exe using python? I am currently using
>cacls to set the privileges by doing a os.system command in my script.
>Thanks for the help in advance!

>Mike Warfe

--
                                                     Albert Hopkins
                                             Sr. Systems Specialist
                                                      Dynacare Inc.

--
Computers let you make More mistakes faster
than any other invention in human history,
with the possible exception of handguns and tequila

                                                    Mitch Radcliffe



Sat, 07 Dec 2002 03:00:00 GMT  
 Changing directory ACLs

Quote:
> Check the win32security module.  I've never used it, but it appears to
> have what you're looking for.

Yes, Im confident that win32security, plus the pywintypes module for
direct access to security objects will do what you want.

The "problem" is that Python makes no attempt to make it easier than it is
in C/C++.  There is a fair bit of magic to weave, involving a number of
steps to successfully create the ACLs, ACEs and SDs!  Getting the code
wrong can cause a few problems ;-)

There are no "nice" wrappers around this stuff simply because I personally
dont have the experience with them.  The few times I need to do security
related things I search MSDN for C sample code, and translate it to the
relevant win32security/pywintypes calls.

As an example of the verbosity required, below is some code from the book
examples <plug>Chapter 16 - Windows NT Administration</plug> that simply
creates a security descriptor ready to be applied to the necessary object.
(In fact, this is probably a reasonable percentage of what you need)

Mark.

# A utility function that creates an NT security object for a user.
def CreateUserSecurityDescriptor(userName):
    sidUser = win32security.LookupAccountName(serverName, userName)[0]
    sd = win32security.SECURITY_DESCRIPTOR()

    # Create the "well known" SID for the administrators group
    subAuths = ntsecuritycon.SECURITY_BUILTIN_DOMAIN_RID, \
               ntsecuritycon.DOMAIN_ALIAS_RID_ADMINS
    sidAdmins = win32security.SID(ntsecuritycon.SECURITY_NT_AUTHORITY,
subAuths)

    # Now set the ACL, giving user and admin full access.
    acl = win32security.ACL(128)
    acl.AddAccessAllowedAce(win32file.FILE_ALL_ACCESS, sidUser)
    acl.AddAccessAllowedAce(win32file.FILE_ALL_ACCESS, sidAdmins)

    sd.SetSecurityDescriptorDacl(1, acl, 0)
    return sd



Sun, 08 Dec 2002 03:00:00 GMT  
 
 [ 3 post ] 

 Relevant Pages 

1. VAX/VMS ACLs

2. how to change working directory?

3. Changing directories

4. changing file directory at runtime without using a variable in prop:name

5. CW4 - Changing directory at runtime

6. How can you make change data directories at run time (ABC)

7. Changing directories in Personal Eiffel?

8. Can't change directory when using Netware Client

9. Change directory on windows

10. Change Directory Needed

11. Why does File Dialog change directory information?

12. How to set/change Current Directory ???

 

 
Powered by phpBB® Forum Software