[3.9] gh-118486: Support mkdir(mode=0o700) on Windows (GH-118488) (GH-118741)

Co-authored-by: Łukasz Langa <lukasz@langa.pl>
2025-12-23 09:19:18 +00:00 · 2024-05-24 18:27:01 +01:00 · 2024-05-24 18:27:01 +01:00 · 5130731c9e
commit 5130731c9e
parent b228655c22
6 changed files with 107 additions and 3 deletions
--- a/Lib/test/test_os.py
+++ b/Lib/test/test_os.py
@ -1493,6 +1493,18 @@ class MakedirTests(unittest.TestCase):
        self.assertRaises(OSError, os.makedirs, path, exist_ok=True)
        os.remove(path)

+    @unittest.skipUnless(os.name == 'nt', "requires Windows")
+    def test_win32_mkdir_700(self):
+        base = support.TESTFN
+        path = os.path.abspath(os.path.join(support.TESTFN, 'dir'))
+        os.mkdir(path, mode=0o700)
+        out = subprocess.check_output(["cacls.exe", path, "/s"], encoding="oem")
+        os.rmdir(path)
+        self.assertEqual(
+            out.strip(),
+            f'{path} "D:P(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;FA;;;OW)"',
+        )
+
    def tearDown(self):
        path = os.path.join(support.TESTFN, 'dir1', 'dir2', 'dir3',
                            'dir4', 'dir5', 'dir6')
--- a/Lib/test/test_tempfile.py
+++ b/Lib/test/test_tempfile.py
@ -11,6 +11,7 @@ import contextlib
 import stat
 import types
 import weakref
+import subprocess
 from unittest import mock

 import unittest
@ -772,6 +773,33 @@ class TestMkdtemp(TestBadTempdir, BaseTestCase):
        finally:
            os.rmdir(dir)

+    @unittest.skipUnless(os.name == "nt", "Only on Windows.")
+    def test_mode_win32(self):
+        # Use icacls.exe to extract the users with some level of access
+        # Main thing we are testing is that the BUILTIN\Users group has
+        # no access. The exact ACL is going to vary based on which user
+        # is running the test.
+        dir = self.do_create()
+        try:
+            out = subprocess.check_output(["icacls.exe", dir], encoding="oem").casefold()
+        finally:
+            os.rmdir(dir)
+
+        dir = dir.casefold()
+        users = set()
+        found_user = False
+        for line in out.strip().splitlines():
+            acl = None
+            # First line of result includes our directory
+            if line.startswith(dir):
+                acl = line.removeprefix(dir).strip()
+            elif line and line[:1].isspace():
+                acl = line.strip()
+            if acl:
+                users.add(acl.partition(":")[0])
+
+        self.assertNotIn(r"BUILTIN\Users".casefold(), users)
+
    def test_collision_with_existing_file(self):
        # mkdtemp tries another name when a file with
        # the chosen name already exists