Some win32security questions
Dmitry Bely
dbely at mail.ru
Sun Feb 9 11:21:47 EST 2003
I am trying to write a script to set some file ACLs. This seems to be
surprisingly complicated when compared, say, to Perl or Visual Basic. I
realize that Python libraries are direct wrappers to WIN32 API -- this is
not a problem, I simply cannot find the way to do some things. Maybe I am
missing something?
1. I would like to get the SID of "Domain Admins" group in my domain. As
"Domain Admins" has predefined RID (DOMAIN_GROUP_RID_ADMINS), I would think
there is a way to combine it with domain's SID to get resulting SID --
something like this:
sidAdmins = win32security.LookupAccountName(None,"mydomain")[0]
sidUser.SetSubAuthority(4, ntsecuritycon.DOMAIN_GROUP_RID_ADMINS)
Unfortunately, this does not work ("The index is out of range"). Is it
possible to *append* SubAuthority to the existing SID?
2. Python has AddAccessAllowedAce()/AddAccessDeniedAce() function wrappers,
but not their *Ex() variants. So I cannot specify inheritance flags
(CONTAINER_INHERIT_ACE etc.). Why *Ex() variants are not implemented?
- Dmitry Bely
More information about the Python-list
mailing list