> Up to a point: this meets the case where we fail to access > the file at all (for read or write or whatever). But what > about where we can read the directory entry, and the > read-only attribute isn't set? At present, we'll return > True to a W_OK access check in these circs, but this user > might in fact be denied write access by the ACLs. (In fact, > they might even be denied read access, since I imagine we > only need access to the directory entry to check the > attributes).
That's my question exactly: what do you need to do GetFileAttributes successfully? In a POSIX world, you need read permission on the directory. In Windows, with the "bypass-traversal-check" privilege, you only need read permission on the directory if you want to list it, not to access a file in the directory. Is it actually possible for GetFileAttributes to ever fail for security reasons? > BTW I can't see a tutorial in the AccessCheck docs here: > > http://msdn2.microsoft.com/en-us/library/aa374815.aspx > > or in the SDK help file. Were you referring to a different > set of docs? I meant http://msdn2.microsoft.com/en-us/library/aa379648.aspx and thought it was linked from AccessCheck, but it apparently isn't. Regards, Martin -- http://mail.python.org/mailman/listinfo/python-list
