Re: [python-win32] Folder Permissions - Inherit problem

[Feiock, Dennis]

> Dennis Feiock wrote:   >> Hi all, >> >> I have been trying to write a script to backup/restore NTFS permissions. >> I have come across one problem. >> >> How can I set a folder to inherit its permissions?  I am able to detect >> if a folder has inherited permissions by: >> >> 16 & ACE_FLAGS == 16 >> >> When I am stepping through them and exporting to an XML file. >> >> I found this message: >> >> http://mail.python.org/pipermail/python-win32/2004-July/002112.html >> >> Which states that ACEs have to be in a certain order (inherited ACEs >> last).   > ACEs are automatically reordered when they're added.   Thanks for the info!  That makes things a lot easier.   >> I am able to use the win32security.SetFileSecurity function correctly to >> set permissions.  It's just that when I go to view the inheritance on >> the folder, the checkbox is always unchecked.     > When building the ACL yourself,  you'll need to use > AddAccessAllowedAceEx and AddAccessDeniedAceEx > to be able to specify the inheritance flags. > Also, see this thread: > http://mail.python.org/pipermail/python-win32/2006-February/004210.html > for a discussion on storing permissions for later restoral.   Thanks for this link as well.  That will make things much easier.  So far, I have been exporting out the owner and each ACE to an xml file to verify/reconstruct in the future.   When I tested using AddAccessAllowedAceEx on a folder, I noticed that the existing subfolders that have inheritance enabled do not automatically take on the added permission.  When creating a new folder, it added the ACE as it should.  Any suggestions?  Here is the code I used (note: I couldn’t find information on the SetDacl options, so that might be it):   >>> import win32security >>> matt = win32security.LookupAccountName(None,'mbailey')[0] >>> matt <PySID object at 0x009A5788> >>> fullpath = r'K:\Python\ACL Report\testfolder1' >>> fullpath 'K:\\Python\\ACL Report\\testfolder1' >>> sd1 = win32security.GetFileSecurity(fullpath, win32security.DACL_SECURITY_IN FORMATION) >>> sd1 <PySECURITY_DESCRIPTOR object at 0x009A4AD8> >>> dacl1 = sd1.GetSecurityDescriptorDacl() >>> dacl1 <PyACL object at 0x009C0678> >>> dacl1.GetAceCount() 7 >>> dacl1.AddAccessAllowedAceEx(win32security.ACL_REVISION_DS, win32security.CON TAINER_INHERIT_ACE|win32security.OBJECT_INHERIT_ACE,2032127,matt) >>> dacl1.GetAceCount() 8 >>> sd1.SetDacl(1,dacl1,0) >>> sd1 <PySECURITY_DESCRIPTOR object at 0x009A4AD8> >>> win32security.SetFileSecurity(fullpath,win32security.DACL_SECURITY_INFORMATI ON,sd1) >>>

_______________________________________________
Python-win32 mailing list
Python-win32@python.org
http://mail.python.org/mailman/listinfo/python-win32