我在学校做一个信息安全保障项目,需要使用 Python 检查、编辑、删除或添加文件夹/文件的权限(只读、无权限、读写、删除所有权限等)。我在论坛上找过可行的解决方案,也照着一些代码试过,但这些代码最终都没能完成任务。非常感谢你的帮助,提前谢谢。
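def getFileACL(self, myPath=None):
    """
    Get the discretionary access control list (DACL) of a file/directory.

    @param myPath: optional path to inspect; when omitted, self.fileName
                   is used. The parameter exists so that callers may pass
                   the path explicitly (self.getFileACL(path)) without
                   raising TypeError.
    @return: PyACL object, as returned by GetSecurityDescriptorDacl()
    """
    if myPath is None:
        myPath = self.fileName
    # Request only the DACL part of the security descriptor; owner, group
    # and SACL are not read.
    info = win32security.DACL_SECURITY_INFORMATION
    sd = win32security.GetFileSecurity(myPath, info)
    # NOTE(review): an object without a DACL presumably yields None here;
    # confirm and make callers handle it before editing the ACL.
    return sd.GetSecurityDescriptorDacl()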
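def grantAccessToFile(self, myPath, userName='everyone'):
    """
    Add an access-allowed ACE for userName to the DACL of a file/directory.

    The ACE grants generic read, generic write, delete-child and delete.

    NOTE(review): the default userName grants these rights to the Everyone
    group. Callers should pass the specific account that needs access
    instead of relying on the default.

    @param myPath: path of the file/dir
    @param userName: name of the user to add to the acl of the file/dir
    @raise IOError: if myPath is neither an existing file nor directory
    """
    self.logger.info('Granting access to file %s' % myPath)
    import ntsecuritycon as con

    if not (os.path.isfile(myPath) or os.path.isdir(myPath)):
        self.logger.info('File/Directory %s is not valid' % myPath)
        raise IOError('myPath %s does not exist' % myPath)

    # Read the descriptor once and take the DACL from it. The previous
    # code fetched the DACL through self.getFileACL(myPath), which fails
    # with TypeError when getFileACL accepts no path argument, and which
    # modified an ACL read separately from the descriptor written back.
    sd = win32security.GetFileSecurity(
        myPath, win32security.DACL_SECURITY_INFORMATION)
    acl = sd.GetSecurityDescriptorDacl()

    # Only the SID is needed; domain and account type are ignored.
    user, _domain, _account_type = win32security.LookupAccountName(
        "", userName)

    # win32file.FILE_SHARE_DELETE was dropped from the mask: it is a share
    # mode for opening files, not an access right, and its bit is already
    # part of FILE_GENERIC_WRITE, so the resulting mask is unchanged.
    access_mask = (con.FILE_GENERIC_READ
                   | con.FILE_GENERIC_WRITE
                   | con.FILE_DELETE_CHILD
                   | con.DELETE)
    acl.AddAccessAllowedAce(win32security.ACL_REVISION, access_mask, user)

    # (1, acl, 0): DACL present, this ACL, not defaulted.
    sd.SetSecurityDescriptorDacl(1, acl, 0)
    win32security.SetFileSecurity(
        myPath, win32security.DACL_SECURITY_INFORMATION, sd)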
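def add_deny_ace(path, rights):
    """Add an inheritable access-denied ACE for the current user to path.

    path   -- file or directory whose DACL is modified.
    rights -- access mask to deny; when None the DACL is left untouched.

    Raises WindowsError if path does not exist.
    """
    if not os.path.exists(path):
        raise WindowsError('Path %s could not be found.' % path)
    if rights is None:
        # Nothing to deny: leave the DACL as it is.
        return

    # USER_SID was referenced here without being defined in this function.
    # Resolve the current user's SID locally, the same way
    # _remove_deny_ace does, so both act on the same principal.
    # NOTE(review): if the module defines its own USER_SID, confirm it
    # names the same account.
    user_sid = win32security.LookupAccountName("", win32api.GetUserName())[0]

    sd = win32security.GetFileSecurity(
        path, win32security.DACL_SECURITY_INFORMATION)
    dacl = sd.GetSecurityDescriptorDacl()

    # The ACE is inherited by child containers and child objects.
    # NOTE(review): ACEs are evaluated in order; confirm the deny ACE ends
    # up ahead of any allow ACE for the same rights, otherwise it may not
    # take effect.
    inherit_flags = (win32security.CONTAINER_INHERIT_ACE
                     | win32security.OBJECT_INHERIT_ACE)
    dacl.AddAccessDeniedAceEx(
        win32security.ACL_REVISION_DS, inherit_flags, rights, user_sid)

    # (1, dacl, 0): DACL present, this ACL, not defaulted.
    sd.SetSecurityDescriptorDacl(1, dacl, 0)
    win32security.SetFileSecurity(
        path, win32security.DACL_SECURITY_INFORMATION, sd)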
def _remove_deny_ace(path):
    """Delete every access-denied ACE for the current user from path.

    Raises WindowsError if path does not exist.

    NOTE(review): the match is on SID and ACE type only, so deny ACEs for
    this user that were set by someone else (an administrator, a policy)
    are removed as well. Confirm that is acceptable for the caller.
    """
    user_sid = win32security.LookupAccountName("", win32api.GetUserName())[0]
    if not os.path.exists(path):
        raise WindowsError('Path %s could not be found.' % path)

    descriptor = win32security.GetFileSecurity(
        path, win32security.DACL_SECURITY_INFORMATION)
    dacl = descriptor.GetSecurityDescriptorDacl()

    # ACE type 1 is what the original code treats as "deny".
    deny_type = 1

    # Walk from the last ACE to the first: deleting an entry only shifts
    # the entries after it, so the indices still to be visited stay valid
    # and no offset bookkeeping is needed.
    for position in reversed(range(dacl.GetAceCount())):
        entry = dacl.GetAce(position)
        # entry[0][0] is the ACE type and entry[2] is compared with the SID.
        if user_sid == entry[2] and entry[0][0] == deny_type:
            dacl.DeleteAce(position)

    # (1, dacl, 0): DACL present, this ACL, not defaulted.
    descriptor.SetSecurityDescriptorDacl(1, dacl, 0)
    win32security.SetFileSecurity(
        path, win32security.DACL_SECURITY_INFORMATION, descriptor)
def set_no_rights(self, path):
    """Remove all access to 'path'.

    Clears the mode bits with os.chmod and then asks self._add_deny_ace
    to deny con.FILE_ALL_ACCESS on the path.

    NOTE(review): the helper visible in this listing is named add_deny_ace
    and takes no self; confirm self._add_deny_ace exists. 'con' is
    presumably ntsecuritycon imported at module level; verify.
    NOTE(review): the owner of an object normally keeps the implicit right
    to read and change its DACL, so this is not a hard lock against the
    owner. Confirm the threat model.
    """
    no_permissions = 0o000
    os.chmod(path, no_permissions)
    # Deny the complete file access mask.
    self._add_deny_ace(path, con.FILE_ALL_ACCESS)
def set_file_readonly(path):
    """Make the file at path read-only by denying write rights.

    The win32 ACL API is used instead of chmod because chmod only sets
    the read-only flag and gives no finer control over the permissions.
    """
    # Rights to deny; the author describes the result as roughly 0444.
    # NOTE(review): FILE_GENERIC_WRITE is a composite mask that also
    # carries READ_CONTROL and SYNCHRONIZE. Denying those can block
    # opening the file for reading too. Confirm this is intended, or deny
    # only the specific write bits as set_dir_readonly does.
    denied_rights = (con.FILE_WRITE_DATA
                     | con.FILE_APPEND_DATA
                     | con.FILE_GENERIC_WRITE)
    _add_deny_ace(path, denied_rights)
def set_file_readwrite(self, path):
    """Make the file at path writable again.

    Deletes the deny ACEs through self._remove_deny_ace and then clears
    the read-only flag. The author describes the result as roughly 0774.
    """
    # The deny ACEs go first, then the read-only flag.
    self._remove_deny_ace(path)
    writable_mode = stat.S_IWRITE
    os.chmod(path, writable_mode)
def set_dir_readonly(self, path):
    """Make the directory at path read-only by denying write rights.

    NOTE(review): the helper visible in this listing is named add_deny_ace
    and takes no self; confirm self._add_deny_ace exists.
    """
    # Deny writing and appending; the author describes the result as
    # roughly 0444.
    denied_rights = con.FILE_WRITE_DATA | con.FILE_APPEND_DATA
    self._add_deny_ace(path, denied_rights)
def set_dir_readwrite(self, path):
    """Make the directory at path writable again.

    Helper that receives a windows path. The author describes the result
    as roughly 0774.
    """
    # Drop the deny ACEs for the current user first.
    self._remove_deny_ace(path)
    # Then clear the read-only flag.
    writable_mode = stat.S_IWRITE
    os.chmod(path, writable_mode)
目前没有回答