[python-win32] Using win32file.CreateDirectory including setting permissions

[Alex Willmer]

Alex Willmer wrote:

> 
> win32file.CreateDirectory(r'c:\test42',sa)
> 
> My problem is that I need users to have 'Full Control' of the directory, 
> as reported by the properties dialog of the directory. The 
> win32file.FILE_ALL_ACCESS doesn't achieve this, it reports the directory 
> as having 'Special Access', with none of the checkboxes in the advanced 
> page ticked.
> 
> What is the correct constant to pass to acl.AddAccessAllowedAce?
> 

OK, a little more playing reveals the following. C:\test43 was created 
manually and my account given full permission

 >>> import win32file, win32security, ntsecuritycon
 >>> sd = 
win32security.GetFileSecurity(r'c:\test42',win32security.DACL_SECURITY_INFORMATION)
 >>> acl = sd.GetSecurityDescriptorDacl()
 >>> acl.GetAceCount()
1
 >>> acl.GetAce(0)
((0, 3), 2032127, <PySID object at 0x01112968>)
 >>> def bin(x): return ''.join([('0','1')[(x >> i) & 0x01] for i in 
range(31,-1,-1)])
...
 >>> bin(acl.GetAce(0)[1])
'00000000000111110000000111111111'
 >>>

This all seems good so far, however:

 >>> sid = win32security.LookupAccountName('','alex')[0]
 >>> sa = win32security.SECURITY_ATTRIBUTES()
 >>> acl2 = win32security.ACL(128)
 >>> acl2.AddAccessAllowedAce(x, sid)
 >>> sa.SetSecurityDescriptorDacl(1,acl2,0)
 >>> win32file.CreateDirectory(r'c:\test44',sa)
 >>> win32file.FILE_ALL_ACCESS
2032127
 >>> win32file.FILE_ALL_ACCESS==x
1

Looking at c:\test44 with explorer shows that the permissions are the 
same as test42, win32file.FILE_ALL_ACCESS appears to have been the 
correct constant all along. Obviously I'm calling the functions wrongly, 
or missing a step.

So my question now has to be, does anyone have an example the correct 
code for creating a directory, and giving a given user full permission 
as if it had been created with explorer and that user being given 'Full 
Control'?

Any help would be greatly appreciated.

Sincerely

Alex Willmer