Re: [python-win32] File access entries are incorrectly set

Tue, 20 Sep 2016 00:54:24 -0700 

I think file_generic_write will have the same problem.

You may want to check out:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx

Note they explicitly say you can't deny  generic_write without causing
problems.

Blocking access like this can get pretty fiddly. I can only suggest
starting by blocking the bare minimum that you can.  Check those consts on
msdn & avoid the generic ones.

On Tue, 20 Sep 2016, 4:42 PM Goku Balu <tfa.signup.te...@gmail.com> wrote:

> Hi Christopher,
>
> Thanks for responding. Forgot to mention that I did test this with
> FILE_GENERIC_WRITE also but the result is the same. If this
> is applied on a folder it leaves the folder unopenable. If it's applied on
> a file(say a.txt file), Notepad shows warning informing "Access Denied" but
> can be edited and can be saved in a different location.
>
> FYI I'm using Python 3.2 with Pywin32 ver 219.
>
> Thanks,
> Jeba
>
> On Tue, Sep 20, 2016 at 3:51 AM, Christopher Nilsson <ch...@slort.org>
> wrote:
>
>> Hi Goku,
>>
>> That doesn't seem like a bug to me. GENERIC_WRITE represents several
>> permissions mashed together, including FILE_WRITE and read control.
>>
>> Perhaps try with just FILE_WRITE on its own?
>>
>> On Tue, 20 Sep 2016, 8:03 AM Goku Balu <tfa.signup.te...@gmail.com>
>> wrote:
>>
>>> If I deny GENERIC_WRITE it denies Rc as well (Rc - Read Control). I
>>> can't even open the folder in explorer. Here is the sample code. Is this a
>>> bug?
>>>
>>> import win32security,win32api,win32con
>>> import ntsecuritycon as con
>>> import os
>>>
>>> def show_cacls (filename):
>>>     for line in os.popen ("Icacls %s" % filename).read ().splitlines ():
>>>         print(line)
>>>
>>> def denyWrite():
>>>     everyone, everyone_domain, everyone_type =
>>> win32security.LookupAccountName ("", "Everyone")
>>>     print(everyone, everyone_domain, everyone_type)
>>>
>>>     sd = win32security.GetFileSecurity(FILENAME,
>>> win32security.DACL_SECURITY_INFORMATION)
>>>     dacl = sd.GetSecurityDescriptorDacl()
>>>
>>>     masks=con.GENERIC_WRITE
>>>     dacl.AddAccessDeniedAce(win32security.ACL_REVISION_DS,masks,everyone)
>>>     sd.SetSecurityDescriptorDacl(1, dacl, 0)   # may not be necessary
>>>     win32security.SetFileSecurity(FILENAME,
>>> win32security.DACL_SECURITY_INFORMATION, sd)
>>>     show_cacls (FILENAME)
>>>
>>>
>>> try:
>>>
>>>     FILENAME = "D:\\test"
>>>     denyWrite()
>>>
>>> Any help regarding this would be welcomed. Thanks
>>> _______________________________________________
>>> python-win32 mailing list
>>> python-win32@python.org
>>> https://mail.python.org/mailman/listinfo/python-win32
>>>
>>
>

_______________________________________________
python-win32 mailing list
python-win32@python.org
https://mail.python.org/mailman/listinfo/python-win32

Reply via email to