使用python检查文件夹/文件ntfs权限

时间:2022-07-02 16:48:42

As the question title might suggest, I would very much like to know of the way to check the ntfs permissions of the given file or folder (hint: those are the ones you see in the "security" tab). Basically, what I need is to take a path to a file or directory (on a local machine, or, preferrably, on a share on a remote machine) and get the list of users/groups and the corresponding permissions for this file/folder. Ultimately, the application is going to traverse a directory tree, reading permissions for each object and processing them accordingly.

正如问题标题所暗示的,我非常想知道检查给定文件或文件夹的ntfs权限的方法(提示:这些是您在“security”选项卡中看到的)。基本上,我需要的是获取一个文件或目录的路径(在本地机器上,或者最好是在远程机器上的共享上),并获取用户/组列表和该文件/文件夹的相应权限。最终,应用程序将遍历目录树,读取每个对象的权限并相应地处理它们。

Now, I can think of a number of ways to do that:

现在,我可以想出很多方法来做到这一点:

  • parse cacls.exe output -- easily done, BUT, unless im missing something, cacls.exe only gives the permissions in the form of R|W|C|F (read/write/change/full), which is insufficient (I need to get the permissions like "List folder contents", extended permissions too)
  • 解析cacls。exe输出——很容易做到,但是,除非我漏掉了什么,cacls。exe仅以R|W|C|F (read/write/change/full)的形式给出权限,这是不够的(我还需要获得“List folder contents”等权限,扩展权限)
  • xcacls.exe or xcacls.vbs output -- yes, they give me all the permissions I need, but they work dreadfully slow, it takes xcacls.vbs about ONE SECOND to get permissions on a local system file. Such speed is unacceptable
  • xcacls。exe或xcacls。vbs输出——是的,它们给了我所需的所有权限,但是它们的工作速度非常慢,需要xcacls。vbs大约一秒钟获得本地系统文件的权限。这样的速度是不可接受的
  • win32security (it wraps around winapi, right?) -- I am sure it can be handled like this, but I'd rather not reinvent the wheel
  • win32security(它包围了winapi,对吧?)——我确信它可以像这样处理,但我不希望重新发明*

Is there anything else I am missing here?

这里还有什么我遗漏的吗?

1 个解决方案

#1


16  

Unless you fancy rolling your own, win32security is the way to go. There's the beginnings of an example here:

除非你喜欢自己动手,否则win32安全是最好的选择。这里有一个例子:

http://timgolden.me.uk/python/win32_how_do_i/get-the-owner-of-a-file.html

http://timgolden.me.uk/python/win32_how_do_i/get-the-owner-of-a-file.html

If you want to live slightly dangerously (!) my in-progress winsys package is designed to do exactly what you're after. You can get an MSI of the dev version here:

如果你想过一种有点危险的生活(!),我的正在开发的winsys软件包可以完全满足你的需要。您可以在这里获得开发版本的MSI:

http://timgolden.me.uk/python/downloads/WinSys-0.4.win32-py2.6.msi

http://timgolden.me.uk/python/downloads/WinSys-0.4.win32-py2.6.msi

or you can just checkout the svn trunk:

或者你可以只签下svn主干:

svn co http://winsys.googlecode.com/svn/trunk winsys

svn co http://winsys.googlecode.com/svn/trunk winsys

To do what you describe (guessing slightly at the exact requirements) you could do this:

要做你所描述的事情(猜测准确的要求),你可以这样做:

import codecs
from winsys import fs

base = "c:/temp"
with codecs.open ("permissions.log", "wb", encoding="utf8") as log:
  for f in fs.flat (base):
  log.write ("\n" + f.filepath.relative_to (base) + "\n")
  for ace in f.security ().dacl:
    access_flags = fs.FILE_ACCESS.names_from_value (ace.access)
    log.write (u"  %s => %s\n" % (ace.trustee, ", ".join (access_flags)))

TJG

TJG

#1


16  

Unless you fancy rolling your own, win32security is the way to go. There's the beginnings of an example here:

除非你喜欢自己动手,否则win32安全是最好的选择。这里有一个例子:

http://timgolden.me.uk/python/win32_how_do_i/get-the-owner-of-a-file.html

http://timgolden.me.uk/python/win32_how_do_i/get-the-owner-of-a-file.html

If you want to live slightly dangerously (!) my in-progress winsys package is designed to do exactly what you're after. You can get an MSI of the dev version here:

如果你想过一种有点危险的生活(!),我的正在开发的winsys软件包可以完全满足你的需要。您可以在这里获得开发版本的MSI:

http://timgolden.me.uk/python/downloads/WinSys-0.4.win32-py2.6.msi

http://timgolden.me.uk/python/downloads/WinSys-0.4.win32-py2.6.msi

or you can just checkout the svn trunk:

或者你可以只签下svn主干:

svn co http://winsys.googlecode.com/svn/trunk winsys

svn co http://winsys.googlecode.com/svn/trunk winsys

To do what you describe (guessing slightly at the exact requirements) you could do this:

要做你所描述的事情(猜测准确的要求),你可以这样做:

import codecs
from winsys import fs

base = "c:/temp"
with codecs.open ("permissions.log", "wb", encoding="utf8") as log:
  for f in fs.flat (base):
  log.write ("\n" + f.filepath.relative_to (base) + "\n")
  for ace in f.security ().dacl:
    access_flags = fs.FILE_ACCESS.names_from_value (ace.access)
    log.write (u"  %s => %s\n" % (ace.trustee, ", ".join (access_flags)))

TJG

TJG