你想要win32security模块,这是
pywin32的一部分.这是
an example做你想做的事情.
该示例为文件创建一个新的DACL并替换旧文件,但很容易修改现有的文件;所有您需要做的是从安全描述符获取现有的DACL,而不是创建一个空的,如下所示:
import win32security
import ntsecuritycon as con
FILENAME = "whatever"
userx,domain,type = win32security.LookupAccountName ("","User X")
usery,"User Y")
sd = win32security.GetFileSecurity(FILENAME,win32security.DACL_SECURITY_INFORMATION)
dacl = sd.GetSecurityDescriptorDacl() # instead of dacl = win32security.ACL()
dacl.AddAccessAllowedAce(win32security.ACL_REVISION,con.FILE_GENERIC_READ | con.FILE_GENERIC_WRITE,userx)
dacl.AddAccessAllowedAce(win32security.ACL_REVISION,con.FILE_ALL_ACCESS,usery)
sd.SetSecurityDescriptorDacl(1,dacl,0) # may not be necessary
win32security.SetFileSecurity(FILENAME,win32security.DACL_SECURITY_INFORMATION,sd)