[python-win32] File access entries are incorrectly set
Christopher Nilsson
chris at slort.org
Mon Sep 19 18:21:04 EDT 2016
Hi Goku,
That doesn't seem like a bug to me. GENERIC_WRITE represents several
permissions mashed together, including FILE_WRITE and read control.
Perhaps try with just FILE_WRITE on its own?
On Tue, 20 Sep 2016, 8:03 AM Goku Balu <tfa.signup.test1 at gmail.com> wrote:
> If I deny GENERIC_WRITE it denies Rc as well (Rc - Read Control). I can't
> even open the folder in explorer. Here is the sample code. Is this a bug?
>
> import win32security,win32api,win32con
> import ntsecuritycon as con
> import os
>
> def show_cacls (filename):
> for line in os.popen ("Icacls %s" % filename).read ().splitlines ():
> print(line)
>
> def denyWrite():
> everyone, everyone_domain, everyone_type =
> win32security.LookupAccountName ("", "Everyone")
> print(everyone, everyone_domain, everyone_type)
>
> sd = win32security.GetFileSecurity(FILENAME,
> win32security.DACL_SECURITY_INFORMATION)
> dacl = sd.GetSecurityDescriptorDacl()
>
> masks=con.GENERIC_WRITE
> dacl.AddAccessDeniedAce(win32security.ACL_REVISION_DS,masks,everyone)
> sd.SetSecurityDescriptorDacl(1, dacl, 0) # may not be necessary
> win32security.SetFileSecurity(FILENAME,
> win32security.DACL_SECURITY_INFORMATION, sd)
> show_cacls (FILENAME)
>
>
> try:
>
> FILENAME = "D:\\test"
> denyWrite()
>
> Any help regarding this would be welcomed. Thanks
> _______________________________________________
> python-win32 mailing list
> python-win32 at python.org
> https://mail.python.org/mailman/listinfo/python-win32
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-win32/attachments/20160919/0b3800ff/attachment.html>
More information about the python-win32
mailing list