win32security, client privleges
Mark Hammond
mhammond at skippinet.com.au
Tue Feb 8 17:38:30 EST 2000
If you look up the MS docs for GetFileSecurity() you will notice the
following:
"""To read the system access-control list (SACL) of a file or
directory, the SE_SECURITY_NAME privilege must be enabled for the
calling process."""
Note that privileges are different than permissions. So, you can use
the function below to enable the privilege for your session - just
pass ntsecuritycon.SE_SECURITY_NAME to this function...
[Taken from the book, which discusses this briefly...]
Mark.
import win32security
import win32api
import sys
import time
from ntsecuritycon import *
def AdjustPrivilege(priv, enable = 1):
# Get the process token.
flags = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
htoken =
win32security.OpenProcessToken(win32api.GetCurrentProcess(), flags)
# Get the ID for the system shutdown privilege.
id = win32security.LookupPrivilegeValue(None, priv)
# Now obtain the privilege for this process.
# Create a list of the privileges to be added.
if enable:
newPrivileges = [(id, SE_PRIVILEGE_ENABLED)]
else:
newPrivileges = [(id, 0)]
# and make the adjustment.
win32security.AdjustTokenPrivileges(htoken, 0, newPrivileges)
<daryl_stultz at my-deja.com> wrote in message
news:87pu3o$23i$1 at nnrp1.deja.com...
> Hello, I'm on a Windows NT machine on a managed network. I would
like
> to write an app to manage file security (access rights...) It seems
that
> win32security is just what I need. However, when I run the
following:
>
> import win32security
> win32security.GetFileSecurity("SomeFile")
>
> I get the following error:
>
> api_error: (1314, 'GetFileSecurity', ' A required privilege is not
held
> by the client.')
>
> I have "administrator" status on the network. For kicks, I had the
> domain admin log in to my machine and I got the same error. So it
> appears as though client refers to something other than my User
account.
>
> How do I make this work? Also, is there some decent documentation on
how
> to use the various win32 modules (or is it all in some MS
> documentation?) Thanks.
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
More information about the Python-list
mailing list