faqts : Computers : Programming : Languages : Python : Modules

+ Search
 Add Entry AlertManage Folder Edit Entry Add page to http://del.icio.us/
Did You Find This Entry Useful?

11 of 13 people (85%) answered Yes
Recently 8 of 10 people (80%) answered Yes

Entry

Is there a Win32 module that I can use to set directory privileges, that has the functionality of cacls.exe using python?

Apr 12th, 2002 04:47
Curtis Yanko, unknown unknown, Mark Hammond, Albert Hopkins, Curtis Yanko
 


Check the win32security module plus the pywintypes module for direct 
access to security objects.

The "problem" is that Python makes no attempt to make it easier than it 
is in C/C++.  There is a fair bit of magic to weave, involving a number 
of steps to successfully create the ACLs, ACEs and SDs!  Getting the 
code wrong can cause a few problems ;-)

There are no "nice" wrappers around this stuff simply because I 
personally dont have the experience with them.  The few times I need to 
do security related things I search MSDN for C sample code, and 
translate it to the relevant win32security/pywintypes calls.

As an example of the verbosity required, below is some code from the 
book examples <plug>Chapter 16 - Windows NT Administration</plug> that 
simply creates a security descriptor ready to be applied to the 
necessary object.
(In fact, this is probably a reasonable percentage of what you need)

# A utility function that creates an NT security object for a user.
def CreateUserSecurityDescriptor(userName):
    sidUser = win32security.LookupAccountName(serverName, userName)[0]
    sd = win32security.SECURITY_DESCRIPTOR()

    # Create the "well known" SID for the administrators group
    subAuths = ntsecuritycon.SECURITY_BUILTIN_DOMAIN_RID, \
               ntsecuritycon.DOMAIN_ALIAS_RID_ADMINS
    sidAdmins = win32security.SID(ntsecuritycon.SECURITY_NT_AUTHORITY,
subAuths)

    # Now set the ACL, giving user and admin full access.
    acl = win32security.ACL(128)
    acl.AddAccessAllowedAce(win32file.FILE_ALL_ACCESS, sidUser)
    acl.AddAccessAllowedAce(win32file.FILE_ALL_ACCESS, sidAdmins)

    sd.SetSecurityDescriptorDacl(1, acl, 0)
    return sd

==================================================================

I may be missing the mark a bit but I think it is worth pointing out 
that Python is an excellent 'glue' language too. You can have Python 
use cacls or xcacls (doesn't ask Yes/No) and pass it the paramaters it 
needs.