I think file_generic_write will have the same problem. You may want to check out: https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx
Note they explicitly say you can't deny generic_write without causing problems. Blocking access like this can get pretty fiddly. I can only suggest starting by blocking the bare minimum that you can. Check those consts on msdn & avoid the generic ones. On Tue, 20 Sep 2016, 4:42 PM Goku Balu <[email protected]> wrote: > Hi Christopher, > > Thanks for responding. Forgot to mention that I did test this with > FILE_GENERIC_WRITE also but the result is the same. If this > is applied on a folder it leaves the folder unopenable. If it's applied on > a file(say a.txt file), Notepad shows warning informing "Access Denied" but > can be edited and can be saved in a different location. > > FYI I'm using Python 3.2 with Pywin32 ver 219. > > Thanks, > Jeba > > On Tue, Sep 20, 2016 at 3:51 AM, Christopher Nilsson <[email protected]> > wrote: > >> Hi Goku, >> >> That doesn't seem like a bug to me. GENERIC_WRITE represents several >> permissions mashed together, including FILE_WRITE and read control. >> >> Perhaps try with just FILE_WRITE on its own? >> >> On Tue, 20 Sep 2016, 8:03 AM Goku Balu <[email protected]> >> wrote: >> >>> If I deny GENERIC_WRITE it denies Rc as well (Rc - Read Control). I >>> can't even open the folder in explorer. Here is the sample code. Is this a >>> bug? >>> >>> import win32security,win32api,win32con >>> import ntsecuritycon as con >>> import os >>> >>> def show_cacls (filename): >>> for line in os.popen ("Icacls %s" % filename).read ().splitlines (): >>> print(line) >>> >>> def denyWrite(): >>> everyone, everyone_domain, everyone_type = >>> win32security.LookupAccountName ("", "Everyone") >>> print(everyone, everyone_domain, everyone_type) >>> >>> sd = win32security.GetFileSecurity(FILENAME, >>> win32security.DACL_SECURITY_INFORMATION) >>> dacl = sd.GetSecurityDescriptorDacl() >>> >>> masks=con.GENERIC_WRITE >>> dacl.AddAccessDeniedAce(win32security.ACL_REVISION_DS,masks,everyone) >>> sd.SetSecurityDescriptorDacl(1, dacl, 0) # may not be necessary >>> win32security.SetFileSecurity(FILENAME, >>> win32security.DACL_SECURITY_INFORMATION, sd) >>> show_cacls (FILENAME) >>> >>> >>> try: >>> >>> FILENAME = "D:\\test" >>> denyWrite() >>> >>> Any help regarding this would be welcomed. Thanks >>> _______________________________________________ >>> python-win32 mailing list >>> [email protected] >>> https://mail.python.org/mailman/listinfo/python-win32 >>> >> >
_______________________________________________ python-win32 mailing list [email protected] https://mail.python.org/mailman/listinfo/python-win32
