Message 16444 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	logistix
Recipients
Date	2003-06-17.02:51:48
SpamBayes Score
Marked as misclassified
Message-id
In-reply-to

Content
Logged In: YES user_id=699438 Realistically, you should NEVER intentionally use chmod to set file permissions on Windows. The FAT filesystem has no permissions, and NTFS has ACLs which are much too complex to map to a chmod style call. MS only has chmod support so they can claim some level of posix compliance. I'm not saying you should drop the ability to call os.chmod on windows, but perhaps the docs should say that its not the recommended way of doing things. Unfortunately, there's not a recommended way of setting security that'll work on all Windows platforms either (although I'd start with os.popen ("cacls ...") Even win32security requires some serious programming just to get started with manipulating ACLs. Typical security looks something like this: Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\grant>xcacls "\Program files" C:\Program Files BUILTIN\Users:R BUILTIN\Users:(OI)(CI)(IO)(special access:) GENERIC_READ GENERIC_EXECUTE BUILTIN\Power Users:C BUILTIN\Power Users:(OI)(CI)(IO)C BUILTIN\Administrators:F BUILTIN\Administrators:(OI)(CI)(IO)F NT AUTHORITY\SYSTEM:F NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F BUILTIN\Administrators:F CREATOR OWNER:(OI)(CI)(IO)F C:\Documents and Settings\grant>

Logged In: YES 
user_id=699438

Realistically, you should NEVER intentionally use chmod to set 
file permissions on Windows.  The FAT filesystem has no 
permissions, and NTFS has ACLs which are much too complex 
to map to a chmod style call.  MS only has chmod support so 
they can claim some level of posix compliance.

I'm not saying you should drop the ability to call os.chmod on 
windows, but perhaps the docs should say that its not the 
recommended way of doing things.  Unfortunately, there's not 
a recommended way of setting security that'll work on all 
Windows platforms either (although I'd start with os.popen
("cacls ...")  Even win32security requires some serious 
programming just to get started with manipulating ACLs.

Typical security looks something like this:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\grant>xcacls "\Program files"
C:\Program Files BUILTIN\Users:R
                 BUILTIN\Users:(OI)(CI)(IO)(special access:)
                                           GENERIC_READ
                                           GENERIC_EXECUTE

                 BUILTIN\Power Users:C
                 BUILTIN\Power Users:(OI)(CI)(IO)C
                 BUILTIN\Administrators:F
                 BUILTIN\Administrators:(OI)(CI)(IO)F
                 NT AUTHORITY\SYSTEM:F
                 NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
                 BUILTIN\Administrators:F
                 CREATOR OWNER:(OI)(CI)(IO)F


C:\Documents and Settings\grant>

History
Date	User	Action	Args
2007-08-23 14:13:58	admin	link	issue755617 messages
2007-08-23 14:13:58	admin	create