[python-win32] Inheritance not applied to objects and containers

[Matthew Howle]

Aha! Thank you, using SetNamedSecurityInfo() worked perfectly. 

Here's the test code I used

>>> user = win32security.LookupAccountName("","DOMAIN\\username")[0]
>>> sd = win32security.GetFileSecurity("C:\\testdir",win32security.DACL_SECURITY_INFORMATION)
>>> dacl = sd.GetSecurityDescriptorDacl()
>>> dacl.AddAccessAllowedAceEx(win32security.ACL_REVISION,win32security.OBJECT_INHERIT_ACE|win32security.CONTAINER_INHERIT_ACE,win32file.FILE_ALL_ACCESS,user)

>>> ret = win32security.SetNamedSecurityInfo("C:\\testdir",win32security.SE_FILE_OBJECT,win32security.DACL_SECURITY_INFORMATION,None,None,dacl,None)

>>> print ret # None == Success

--- On Wed, 12/1/10, Tim Roberts <timr at probo.com> wrote:

> From: Tim Roberts <timr at probo.com>
> Subject: Re: [python-win32] Inheritance not applied to objects and containers
> To: "Python-Win32 List" <python-win32 at python.org>
> Date: Wednesday, December 1, 2010, 6:59 PM
> Matthew Howle wrote:
> > The permissions are applied to the directory but
> subdirectories and
> > files within the directory aren't inheriting the
> permissions.
> 
> You've stumbled across a very nasty little dark corner.
> 
> There are several APIs for managing security descriptors,
> including APIs
> like SetFileSecurity, SetSecurityInfo, and
> SetNamedSecurityInfo.  You
> happened to choose SetFileSecurity.  It turns out this
> is a low-level
> API which does not automatically propagate the inherited
> permissions. 
> Your permissions will apply to NEW objects, but it doesn't
> modify
> EXISTING child objects.
> 
> You should investigate either SetSecurityInfo or
> SetNamedSecurityInfo. 
> Both of those will do the propagation automatically.
> 
> -- 
> Tim Roberts, timr at probo.com
> Providenza & Boekelheide, Inc.
> 
> _______________________________________________
> python-win32 mailing list
> python-win32 at python.org
> http://mail.python.org/mailman/listinfo/python-win32
>