On 18/02/2012 23:22, Rod Person wrote:
On Fri, 17 Feb 2012 20:20:09 +0000
Tim Golden<m...@timgolden.me.uk> wrote:
On 17/02/2012 18:26, Rod Person wrote:
import win32security as win32s
sd =
win32s.GetFileSecurity(sh,win32security.GROUP_SECURITY_INFORMATION)
Assuming that "sh" here is the name of of the share
(eg \\server\share1) then be aware that the result
of GetFileSecurity is the security on the underlying
folder, not the security of the share itself.
Thanks for the reply, Tim. Would have replied earlier but somehow this
ended up as spam.
You are correct here, sh is the share. I making a leap - for our
organization - that the share and folder have the same permissions.
There have been cases where the permission were different. Some of
these shares have existed since NT 3.1 and just migrated with permission
since that time.
Now, share-level security is, I think, relatively unusual
and you might well want to know the file security as well,
but they're not the same thing. (Just in case).
Another caveat: you almost certainly don't want the group security
from that share, either. That's a pretty much defunct relic of
the Windows Posix layer which would mimic the Unix security
model by giving every file a group and an owner. The owner
is still used sometimes. The group, probably never.
Have a look at this:
http://timgolden.me.uk/python/win32_how_do_i/add-security-to-a-file.html
This what I used to get as far as I have :)
But, I think the mistake I making is using the share as you point out.
I should be using the actual folder name, in which case I'd need to
be making a connection to the serve with wmi. Is that what your saying
to me?
Let's see. I think where we're at is this: you have a number of shares
on server1 (sharea, shareb) which you wish to set up on server2 so
that, in effect, the same users can access them in the same way. (And,
if you DNS-rename the servers around each other, without realising that
anything's changed).
Although WMI can help you in doing this, it's a bit of a clumsy tool
unless you have no other way of getting there. In particular, if you're
in an AD setup (or in an NT domain) and have suitably administrative
privs, you should be able to use either AD or the Win32 API NetShare*
functions (which are exposed via the win32net module in pywin32).
I'm not sure if you can simply disregard the share permissions -- which
would certainly be the most common approach -- or whether you want
them, but are happy for them to match the NTFS permissions for the
underlying path. The former is certainly easier; the latter is certainly
possible.
Ok; let's keep things simple. Assuming suitable admin privs across
all relevant machines, this code will read the shares from one
machine and recreate them on another assuming that the corresponding
paths are already in place:
<code>
import win32net
def shares (system):
share_infos, total, hResume = win32net.NetShareEnum (system, 2, 0)
for share_info in share_infos:
if share_info['type'] == 0:
yield share_info
while hResume > 0:
share_infos, total, hResume = win32net.NetShareEnum (
system, 2, hResume
)
for share_info in share_infos:
if share_info['type'] == 0:
yield share_info
def create_share (system, share_info):
win32net.NetShareAdd (system, 2, share_info)
for share_info in shares ("server1"):
create_share ("server2", share_info)
</code>
Could you see how far that takes you towards your goal? I'm
not clear whether you need help specifying the perms on
the underlying paths, since that would normally be done by
some kind of backup-restore toolset. But if you need something
I can certainly advise.
TJG
_______________________________________________
python-win32 mailing list
python-win32@python.org
http://mail.python.org/mailman/listinfo/python-win32
