Hi,
I'm trying to set permissions on an NTFS tree. Specifically I'm trying to add a 
propagable ACE to the DACL on a top-level directory and hoping for it to 
recursively propagate to children who do not have inherited permissions 
blocked. I'm currently trying to do this by calling SetNamedSecurityInfo. 
However, it appears that the ACE is only added to the top-level directory. I'm 
passing both children_containers_inherit and children_noncontainers_inherit to 
AddAccessAllowedAceEx and when I look at the ACE on the top-level directory it 
shows as being applied to directory and all children... it's just that none of 
the permissions actually appear to be propagated to the children in the 
directory tree.

MSDN specifies that SetNamedSecurityInfo does propagate to children. However, 
I'm under the impression that this propagation isn't truly complete until you 
somehow manually force the children nodes to recalculate their DACLs and notice 
the new ACE that applies to them. Is this correct and if so what is the correct 
way of forcing the children nodes to re-calculate via win32security? I also 
noticed that in aclapi.h there is a function called TreeResetNamedSecurityInfo 
(2003+) that appears to do what I'm looking for instead of 
SetNamedSecurityInfo, however it's not included in win32security. If it's not 
possible to manually force the recalculation in 
SetNamedSecurityInfo, is the next best bet to try to manually call out to 
TreeResetNamedSecurityInfo or are there any other suggestions?

I would appreciate any light someone could spread on this issue -- I'm to the 
point of banging my head against the wall.

Thank you

Zakir Durumeric


_______________________________________________
python-win32 mailing list
python-win32@python.org
http://mail.python.org/mailman/listinfo/python-win32
