This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author eryksun
Recipients christian.heimes, eryksun, giampaolo.rodola, noctiflore
Date 2020-07-21.01:10:15
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
> Since the need to copy file ownership is common, I think there could
> be space for a new copy3() function which copies ownership + extended
> attributes (where possible).

FYI, Windows and POSIX have significantly different concepts about file (object) ownership. In Windows:

    * Any type of SID can be set as the owner, such as a user, global
      group, local group, well-known group, domain, or logon session. All
      of these SID types, except for user SIDs, are commonly set in the
      groups of a token. Also, the token user is not limited to just users.
      It's commonly set to a well-known group such as SYSTEM, LOCAL

    * The effective access token of a thread is granted owner rights to
      an object if the token user or any of the token's enabled groups is
      the owner of the object. For example, if an object is owned by the
      "BUILTIN\Users" local group, then all access tokens for standard-user
      logons will be granted owner rights as long as they have the
      "BUILTIN\Users" group enabled, which it is by default.
    * If not set explicitly via "OWNER RIGHTS" (i.e. S-1-3-4), the 
      owner is implicitly granted the READ_CONTROL right to query the
      object security and the WRITE_DAC right to modify the object's
      resource attributes and discretionary access-control list. As 
      long as these rights are granted implicitly, they cannot be
      denied by deny access-control entries. However, implicit owner
      rights may be denied if an object has an implicit (by object 
      type) or explicit (by label) no-read-up or no-write-up mandatory
      policy, and the token's integrity level is less than that of the

    * An explicit "OWNER RIGHTS" entry can be set in the discretionary
      access control list in order to override the implicit owner rights.
      This is not the same as setting owner rights in POSIX, since other
      ACL entries may grant or deny rights. Given the canonical priority 
      of deny access-control entries and also mandatory access control
      based on the integrity level of the object vs the token, granting
      explicit access to "OWNER RIGHTS" does not necessarily ensure the
      owner will even be granted at least the desired access in all
      contexts. Also, unlike the implicit case, if an "OWNER RIGHTS"
      entry grants READ_CONTROL and/or WRITE_DAC access, either right 
      may be denied by deny access-control entries.
Date User Action Args
2020-07-21 01:10:15eryksunsetrecipients: + eryksun, giampaolo.rodola, christian.heimes, noctiflore
2020-07-21 01:10:15eryksunsetmessageid: <>
2020-07-21 01:10:15eryksunlinkissue30044 messages
2020-07-21 01:10:15eryksuncreate