Some win32security questions
Mark Hammond
mhammond at skippinet.com.au
Sun Feb 9 16:58:57 EST 2003
Dmitry Bely wrote:
> I am trying to write a script to set some file ACLs. This seems to be
> surprisingly complicated when compared, say, to Perl or Visual Basic. I
> realize that Python libraries are direct wrappers to WIN32 API -- this is
> not a problem, I simply cannot find the way to do some things. Maybe I am
> missing something?
>
> 1. I would like to get the SID of "Domain Admins" group in my domain. As
> "Domain Admins" has predefined RID (DOMAIN_GROUP_RID_ADMINS), I would think
> there is a way to combine it with domain's SID to get resulting SID --
> something like this:
>
> sidAdmins = win32security.LookupAccountName(None,"mydomain")[0]
> sidUser.SetSubAuthority(4, ntsecuritycon.DOMAIN_GROUP_RID_ADMINS)
>
> Unfortunately, this does not work ("The index is out of range"). Is it
> possible to *append* SubAuthority to the existing SID?
>
> 2. Python has AddAccessAllowedAce()/AddAccessDeniedAce() function wrappers,
> but not their *Ex() variants. So I cannot specify inheritance flags
> (CONTAINER_INHERIT_ACE etc.). Why *Ex() variants are not implemented?
Unfortunately, the reality is that no one who knows much about Win32
security has had any input into these wrappers. I know SFA about this
API, and have used it about 3 times, each time directly copying some
sample C++ code.
If you have the energy and inclination, mail me and we could come up
with a list of what is missing and the best way to tackle it.
Mark.
More information about the Python-list
mailing list