I have a scenario where I have a directory owned by localhost\Administrators with that group and SYSTEM set to full control without inheritance propagated.

Under this, I have a folder owned by another account with only that account granted full control.

If I elevate my token and run:

win32security.SetNamedSecurityInfo(
    path,
    win32security.SE_FILE_OBJECT,
    win32security.OWNER_SECURITY_INFORMATION,
    owner.sid,
    None,
    None,
    None
) 

from the account that has full control (and originally owned it), I can view the new owner.

This however doesn't allow the context that changed the owner to then access the DACL and add an ACE? That context still cannot view the directory permissions which doesn't jive with the behavior of takeown.exe for example, after assuming ownership with that binary, the alternate context can view the permissions and see the original owner is the only entry in the ACL with full control (as it was)?

What has takeown.exe done differently that the above Python code hasn't? The approach and context have been consistent, so it seems I have missed a step with Python that left the directory inconsistent as compared to the state left by takeown.exe.

Thanks,
jlc
_______________________________________________
python-win32 mailing list
python-win32@python.org
https://mail.python.org/mailman/listinfo/python-win32
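
A simplified model of the Windows access check for the folder described in the message above, added here as an illustration and not part of the original post or of pywin32. It shows when a caller gains the implicit owner rights (READ_CONTROL and WRITE_DAC) after an owner change; the account SIDs are constructed, the token set holds only enabled SIDs, and privileges are not modelled.

```python
# Added illustration: simplified model of the Windows access check (no pywin32 calls).
READ_CONTROL = 0x00020000     # read the security descriptor (owner, DACL)
WRITE_DAC = 0x00040000        # modify the DACL
FILE_ALL_ACCESS = 0x001F01FF
OWNER_RIGHTS = "S-1-3-4"      # well-known OWNER RIGHTS SID
ADMINS = "S-1-5-32-544"       # BUILTIN\Administrators
# Constructed SIDs for the accounts in the scenario (assumptions).
ORIGINAL = "S-1-5-21-1-2-3-1001"    # account named in the folder's only ACE
ADMIN_USER = "S-1-5-21-1-2-3-1002"  # elevated account that changes the owner
THIRD = "S-1-5-21-1-2-3-1003"       # some other account, absent from the caller's token

DACL = [("allow", ORIGINAL, FILE_ALL_ACCESS)]  # the folder's DACL as described
ADMIN_TOKEN = {ADMIN_USER, ADMINS}             # enabled SIDs in the elevated token


def granted_access(token_sids, owner_sid, dacl):
    """Access mask for a token; dacl is an ordered list of (type, sid, mask)."""
    is_owner = owner_sid in token_sids
    granted = denied = 0
    # Implicit owner rights apply only when the owner SID is in the token
    # and the DACL has no ACE for OWNER RIGHTS.
    if is_owner and all(sid != OWNER_RIGHTS for _, sid, _ in dacl):
        granted = READ_CONTROL | WRITE_DAC
    for ace_type, sid, mask in dacl:
        if sid in token_sids or (sid == OWNER_RIGHTS and is_owner):
            if ace_type == "deny":
                denied |= mask & ~granted
            else:
                granted |= mask & ~denied
    return granted


def can_edit_dacl(token_sids, owner_sid, dacl=DACL):
    need = READ_CONTROL | WRITE_DAC
    return (granted_access(token_sids, owner_sid, dacl) & need) == need


def scenarios():
    """Can the elevated caller read and change the DACL, per owner value?"""
    owners = {"original": ORIGINAL, "caller": ADMIN_USER,
              "Administrators": ADMINS, "third account": THIRD}
    return {name: can_edit_dacl(ADMIN_TOKEN, sid) for name, sid in owners.items()}


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"owner={name:15} caller can edit DACL: {ok}")
```

takeown.exe assigns ownership to the current user, or to the Administrators group with /A, which correspond to the "caller" and "Administrators" rows; which SID `owner.sid` held in the post is not stated.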
