Checking folder/file ntfs permissions using python

About

Asked 22/5, 2009 at 6:48 Answered 22/5, 2009 at 13:56

Solved python winapi permissions acl ntfs

As the question title might suggest, I would very much like to know of the way to check the ntfs permissions of the given file or folder (hint: those are the ones you see in the "security" tab). Basically, what I need is to take a path to a file or directory (on a local machine, or, preferrably, on a share on a remote machine) and get the list of users/groups and the corresponding permissions for this file/folder. Ultimately, the application is going to traverse a directory tree, reading permissions for each object and processing them accordingly.

Now, I can think of a number of ways to do that:

parse cacls.exe output -- easily done, BUT, unless im missing something, cacls.exe only gives the permissions in the form of R|W|C|F (read/write/change/full), which is insufficient (I need to get the permissions like "List folder contents", extended permissions too)
xcacls.exe or xcacls.vbs output -- yes, they give me all the permissions I need, but they work dreadfully slow, it takes xcacls.vbs about ONE SECOND to get permissions on a local system file. Such speed is unacceptable
win32security (it wraps around winapi, right?) -- I am sure it can be handled like this, but I'd rather not reinvent the wheel

Is there anything else I am missing here?

Gritty answered 22/5, 2009 at 6:48 Comment(3)

I think win32security is what you want. It is indeed a wrapper around the Windows API. Are you concerned that it's too low-level? – Romero 22/5, 2009 at 7:6

Well, if it is the only way I might as well do it using win32security, but that would be like rolling my own cacls, thats why I've referred to it as reinventing the wheel. – Gritty 22/5, 2009 at 8:0

Well, first of all, cacls doesn't do everything the Win API does (including, apparently, what you want to do). Second, calling the API (even through bindings) will probably be much faster then shelling out to another program and parsing the output. – Romero 22/5, 2009 at 8:23

Unless you fancy rolling your own, win32security is the way to go. There's the beginnings of an example here:

http://timgolden.me.uk/python/win32_how_do_i/get-the-owner-of-a-file.html

If you want to live slightly dangerously (!) my in-progress winsys package is designed to do exactly what you're after. You can get an MSI of the dev version here:

http://timgolden.me.uk/python/downloads/WinSys-0.4.win32-py2.6.msi

or you can just checkout the svn trunk:

svn co http://winsys.googlecode.com/svn/trunk winsys

To do what you describe (guessing slightly at the exact requirements) you could do this:

import codecs
from winsys import fs

base = "c:/temp"
with codecs.open ("permissions.log", "wb", encoding="utf8") as log:
  for f in fs.flat (base):
  log.write ("\n" + f.filepath.relative_to (base) + "\n")
  for ace in f.security ().dacl:
    access_flags = fs.FILE_ACCESS.names_from_value (ace.access)
    log.write (u"  %s => %s\n" % (ace.trustee, ", ".join (access_flags)))

TJG

Exsect answered 22/5, 2009 at 13:56 Comment(1)

Oh, Tim, thank you SO much! I was going to say, that I've already figured out how to do it (using win32security, yeah), but I've just realized, that I did it using the examples on your site! What kind of coincidence is that! :) – Gritty 22/5, 2009 at 15:36

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags