On Fri, 20 Aug 2010 00:04:29 +0200, Thomas Jollans wrote:

> This brings up an interesting, but probably quite complicated question: is it
> reasonable to try to express Windows permissions using full POSIX ACLs
> Do Windows NT permissions do anything more? Or, apart from the
> "executable" bit, anything less, for that matter?

1. There are far more permission types than just "rwx". Specifically:

For files:

	Execute File
	Read Data
	Write Data
	Append Data

For folders:

	Traverse Folder
	List Folder
	Create Files
	Create Folders
	Delete Subfolders and Files

For both:

	Full Control
	Read Attributes
	Read Extended Attributes
	Write Attributes
	Write Extended Attributes
	Delete
	Read Permissions
	Change Permissions
	Take Ownership

Note that files/folders have a distinct "Delete" permission, as well as the "Delete Subfolders and Files" permission on the parent folder.

Unix lacks the "Append Data" permission for files, and the "Create Files", "Create Folders" and "Delete Subfolders and Files" correspond to having write permission on a directory.

On Unix, you can read permissions (and attributes if the filesystem has them) for any file which you can "reach" (i.e. have "x" permission on all ancestor directories). You can only change permissions (and some attributes) if you own the file, and only root can change ownership (and change some attributes).

2. Permissions can be inherited from the "parent object" (which isn't necessarily the parent folder). If you change a permission on the parent object, it automatically affects any file or folder which inherits the permission.

3. The owner can be either a user or a group.

4. On Windows, a file cannot be "given away" either by its owner or an administrator. You can grant the "Take Ownership" permission, but the recipient still has to explicitly change the ownership.

-- 
http://mail.python.org/mailman/listinfo/python-list
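
The gap described in the message above, as an added example that is not part of the original post: it projects a Windows access mask onto POSIX rwx bits, granting a bit only when every Windows right it implies is present, and lists the rights that rwx cannot grant or withhold on its own. The bit values are the standard Windows access-mask constants; the function name `project_to_posix` and the conservative projection policy are assumptions made for illustration.

```python
# Added illustration, not code from the original message.
# Bit values: standard Windows access-mask constants.
FILE_RIGHTS = {
    0x0001: "Read Data", 0x0002: "Write Data",
    0x0004: "Append Data", 0x0020: "Execute File",
}
DIR_RIGHTS = {
    0x0001: "List Folder", 0x0002: "Create Files", 0x0004: "Create Folders",
    0x0020: "Traverse Folder", 0x0040: "Delete Subfolders and Files",
}
COMMON_RIGHTS = {
    0x0008: "Read Extended Attributes", 0x0010: "Write Extended Attributes",
    0x0080: "Read Attributes", 0x0100: "Write Attributes",
    0x010000: "Delete", 0x020000: "Read Permissions",
    0x040000: "Change Permissions", 0x080000: "Take Ownership",
}


def project_to_posix(mask, is_dir):
    """Return (rwx string, names of rights in mask that rwx does not control).

    Assumed policy: a POSIX bit is granted only if the mask holds every
    Windows right that bit would imply, so the projection never over-grants.
    """
    names = {**COMMON_RIGHTS, **(DIR_RIGHTS if is_dir else FILE_RIGHTS)}
    implied = {
        "r": 0x0001,
        # File "w" allows both overwrite and append; directory "w" also
        # allows deleting children, as the message notes.
        "w": 0x0002 | 0x0004 | (0x0040 if is_dir else 0),
        "x": 0x0020,
    }
    rwx, covered = "", 0
    for letter, bits in implied.items():
        if (mask & bits) == bits:
            rwx += letter
            covered |= bits
        else:
            rwx += "-"
    lost, bit = [], 1
    while bit <= mask:
        if (mask & bit) and not (covered & bit):
            lost.append(names.get(bit, hex(bit)))  # unnamed bits shown as hex
        bit <<= 1
    return rwx, lost


# Constructed sample: an append-only log file and a "drop box" folder.
if __name__ == "__main__":
    print(project_to_posix(0x0004 | 0x0080 | 0x020000, is_dir=False))
    print(project_to_posix(0x0020 | 0x0002, is_dir=True))
```
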