Mailing List Archive: permissions on win32 [Q]

permissions on win32 [Q]

Apr 20, 1999, 8:27 PM

Post #1 of 5 (747 views)

Hi!

I have to do a little script for a customer that will copy files from an NT
server to another. I need to change the permissions on those files and
directories. I mean, I need to give privileges to groups like
Administrators, the user that owns the files (changes from file to file) and
other special groups. Anyone knows how to do this with Python? We have the
following env: NT4SP4, Python 1.5.1, Win32All 124 ... the lastest one. I
have already done the script that copies the files, I just need to know how
to set this permissions.

TIA

/B

Bruno Mattarollo <bruno@gaiasur.com.ar>
... proud to be a PSA member <http://www.python.org/psa>

permissions on win32 [Q] [ In reply to ]

MHammond at skippinet

Apr 21, 1999, 3:22 AM

Post #2 of 5 (729 views)

Permalink

NT security is a bit of a black art. Build 124 has
win32security.SetFileSecurity().

The next question will be how to create a security descriptor - here is some
sample code.

[.Oh damn - just realised that pywintypes.SECURITY_DESCRIPTOR() doesnt
actually exist in 124 - it will in 125. sorry - you will probably get stuck
here... But Ill still post it as reference for build 125 and later]

Mark.

def CreateSD(userName):
sd = pywintypes.SECURITY_DESCRIPTOR()

sidUser = win32security.LookupAccountName(None,userName)[0]
sidCreator = pywintypes.SID()
sidCreator.Initialize(ntsecuritycon.SECURITY_CREATOR_SID_AUTHORITY,1)
sidCreator.SetSubAuthority(0, ntsecuritycon.SECURITY_CREATOR_OWNER_RID)

acl = pywintypes.ACL()
acl.AddAccessAllowedAce(win32file.FILE_ALL_ACCESS, sidUser)
acl.AddAccessAllowedAce(win32file.FILE_ALL_ACCESS, sidCreator)

sd.SetSecurityDescriptorDacl(1, acl, 0)
return sd

Bruno Mattarollo wrote in message
<001201be8ba6$f2f706e0$6eba0ac8@kuarajy.infosys.com.ar>...
>Hi!
>
> I have to do a little script for a customer that will copy files from an
NT
>server to another. I need to change the permissions on those files and
>directories. I mean, I need to give privileges to groups like
>Administrators, the user that owns the files (changes from file to file)
and
>other special groups. Anyone knows how to do this with Python? We have the
>following env: NT4SP4, Python 1.5.1, Win32All 124 ... the lastest one. I
>have already done the script that copies the files, I just need to know how
>to set this permissions.
>
> TIA
>
>/B
>
>Bruno Mattarollo <bruno@gaiasur.com.ar>
>... proud to be a PSA member <http://www.python.org/psa>
>

permissions on win32 [Q] [ In reply to ]

brunomadv at ciudad

Apr 21, 1999, 7:29 AM

Post #3 of 5 (727 views)

Permalink

Thanks Mark...

All this is supposed to run on sunday and it's Mission Critical, so I
presume wiill be doing it by hand, but anyway thanks. I am looking forward
to be able to do this on NT... :-)

FYI we will be running another mission critical process on Sunday and it
will be a small Python app that will run on NT ... I love Python ... :-)

Cheers,

/B

Bruno Mattarollo <bruno@gaiasur.com.ar>
... proud to be a PSA member <http://www.python.org/psa>

> -----Original Message-----
> From: python-list-request@cwi.nl [mailto:python-list-request@cwi.nl]On
> Behalf Of Mark Hammond
> Sent: Wednesday, April 21, 1999 7:22 AM
> To: python-list@cwi.nl
> Subject: Re: permissions on win32 [Q]
>
>
> NT security is a bit of a black art. Build 124 has
> win32security.SetFileSecurity().
>
> The next question will be how to create a security descriptor -
> here is some
> sample code.
>
> [.Oh damn - just realised that pywintypes.SECURITY_DESCRIPTOR() doesnt
> actually exist in 124 - it will in 125. sorry - you will
> probably get stuck
> here... But Ill still post it as reference for build 125 and later]
>
> Mark.
>
> def CreateSD(userName):
> sd = pywintypes.SECURITY_DESCRIPTOR()
>
> sidUser = win32security.LookupAccountName(None,userName)[0]
> sidCreator = pywintypes.SID()
> sidCreator.Initialize(ntsecuritycon.SECURITY_CREATOR_SID_AUTHORITY,1)
> sidCreator.SetSubAuthority(0, ntsecuritycon.SECURITY_CREATOR_OWNER_RID)
>
> acl = pywintypes.ACL()
> acl.AddAccessAllowedAce(win32file.FILE_ALL_ACCESS, sidUser)
> acl.AddAccessAllowedAce(win32file.FILE_ALL_ACCESS, sidCreator)
>
> sd.SetSecurityDescriptorDacl(1, acl, 0)
> return sd
>
> Bruno Mattarollo wrote in message
> <001201be8ba6$f2f706e0$6eba0ac8@kuarajy.infosys.com.ar>...
> >Hi!
> >
> > I have to do a little script for a customer that will copy files from an
> NT
> >server to another. I need to change the permissions on those files and
> >directories. I mean, I need to give privileges to groups like
> >Administrators, the user that owns the files (changes from file to file)
> and
> >other special groups. Anyone knows how to do this with Python?
> We have the
> >following env: NT4SP4, Python 1.5.1, Win32All 124 ... the lastest one. I
> >have already done the script that copies the files, I just need
> to know how
> >to set this permissions.
> >
> > TIA
> >
> >/B
> >
> >Bruno Mattarollo <bruno@gaiasur.com.ar>
> >... proud to be a PSA member <http://www.python.org/psa>
> >
>
>
>

permissions on win32 [Q] [ In reply to ]

MHammond at skippinet

Apr 21, 1999, 5:15 PM

Post #4 of 5 (734 views)

Permalink

Bruno Mattarollo wrote in message
<002401be8c03$4f21d380$6eba0ac8@kuarajy.infosys.com.ar>...
>Thanks Mark...
>
> All this is supposed to run on sunday and it's Mission Critical, so I
>presume wiill be doing it by hand, but anyway thanks. I am looking forward
>to be able to do this on NT... :-)
>
> FYI we will be running another mission critical process on Sunday and it
>will be a small Python app that will run on NT ... I love Python ... :-)

Actually, overnight I thought of a different solution you could use - use a
"template file".

Although the help file omits this information, you could use
"win32security.GetFileSecurity()", and name a file that has the permissions
you wish to "copy". This will give you a SECURITY_DESCRIPTOR object. Once
you have the object, you can even manipulate the contents - the only thing
missing from 124 was the ability to create a brand-new, empty
SECURITY_DESCRIPTOR - all the functionality to manipulate them is there....

Mark.

permissions on win32 [Q] [ In reply to ]

brunomadv at ciudad

Apr 21, 1999, 10:07 PM

Post #5 of 5 (729 views)

Permalink

It looks like a solution, but I would have to create those template file by
hand ... Since all the permissions are new. I mean it's a migration from one
system to another, so there is no previous state, or at least, the previous
state is so diferent from the final one, that I cannot use a template file
without some serious hand-worked labor.... :-)

Thanks a lot Mark.

/B

Bruno Mattarollo <bruno@gaiasur.com.ar>
... proud to be a PSA member <http://www.python.org/psa>

> -----Original Message-----
> From: python-list-request@cwi.nl [mailto:python-list-request@cwi.nl]On
> Behalf Of Mark Hammond
> Sent: Wednesday, April 21, 1999 9:15 PM
> To: python-list@cwi.nl
> Subject: Re: permissions on win32 [Q]
>
>
> Bruno Mattarollo wrote in message
> <002401be8c03$4f21d380$6eba0ac8@kuarajy.infosys.com.ar>...
> >Thanks Mark...
> >
> > All this is supposed to run on sunday and it's Mission Critical, so I
> >presume wiill be doing it by hand, but anyway thanks. I am
> looking forward
> >to be able to do this on NT... :-)
> >
> > FYI we will be running another mission critical process on Sunday and it
> >will be a small Python app that will run on NT ... I love Python ... :-)
>
> Actually, overnight I thought of a different solution you could
> use - use a
> "template file".
>
> Although the help file omits this information, you could use
> "win32security.GetFileSecurity()", and name a file that has the
> permissions
> you wish to "copy". This will give you a SECURITY_DESCRIPTOR
> object. Once
> you have the object, you can even manipulate the contents - the only thing
> missing from 124 was the ability to create a brand-new, empty
> SECURITY_DESCRIPTOR - all the functionality to manipulate them is
> there....
>
> Mark.
>
>
>
>