Cross-platform way to check admin rights in a Python script under Windows?

Question

Is there any cross-platform way to check that my Python script is executed with admin rights? Unfortunately, os.getuid() is UNIX-only and is not available under Windows.

I'm a linux programmer. What's an "admin right"? It is a permission? — S.Lott, Jun 22 '09 at 10:46
Doesn't sound like the concept of "admin right" is cross-platform, then. There isn't an trivial parallel. — S.Lott, Jun 22 '09 at 11:37
basically, it divides if script runs under current user account or via sudo / "run as administrator", i.e. can make modifications to a system. — grigoryvp, Jun 22 '09 at 12:38
It sounds like you need not a cross platform way for doing this, but rather a windows equivalent of it. — SingleNegationElimination, Jun 23 '09 at 05:46

grigoryvp · Accepted Answer · 2010-01-09T17:03:07.817

64

import ctypes, os
try:
 is_admin = os.getuid() == 0
except AttributeError:
 is_admin = ctypes.windll.shell32.IsUserAnAdmin() != 0

print is_admin

edited Jan 09 '10 at 17:03

answered Jun 22 '09 at 11:22

grigoryvp

40,413
64
174
277

2

`os.geteuid()` might be useful if the script is an setuid executable (i.e, the script was converted to a stand-alone executable e.g., using PyInstaller or cx_Freeze and setuid flag has been set). `os.getuid()` won't work in this case. See [example](https://gist.github.com/1361886). – jfs Nov 13 '11 at 09:39
2

This doesn't work under Cygwin Python. I'm running Python 2.7.10 on Cygwin 64. os.getuid() returns 4875961 even though I'm running 'as administrator' . And the ctypes module has no 'windll'. – Andrew Bainbridge Apr 07 '16 at 10:48
produce `function 'IsUserAnAdmin' not found` on windows xp – Jossef Harush Kadouri Nov 20 '16 at 14:54

Bryce Guinta · Answer 2 · 2017-04-02T20:20:21.010

Here's a utility function I created from the accepted answer:

import os
import ctypes

class AdminStateUnknownError(Exception):
    """Cannot determine whether the user is an admin."""
    pass


def is_user_admin():
    # type: () -> bool
    """Return True if user has admin privileges.

    Raises:
        AdminStateUnknownError if user privileges cannot be determined.
    """
    try:
        return os.getuid() == 0
    except AttributeError:
        pass
    try:
        return ctypes.windll.shell32.IsUserAnAdmin() == 1
    except AttributeError:
        raise AdminStateUnknownError

score 4 · Answer 3 · answered Jun 22 '09 at 10:47

4

It's better if you check which platform your script is running (using sys.platform) and do a test based on that, e.g. import some hasAdminRights function from another, platform-specific module.

On Windows you could check whether Windows\System32 is writable using os.access, but remember to try to retrieve system's actual "Windows" folder path, probably using pywin32. Don't hardcode one.

answered Jun 22 '09 at 10:47

macbirdie

16,086
6
47
54

I'm very curious right about an hasAdminRights() function of some platform-specific module :). Unfortunately, google can't answer such function's name. Testing system32 look reasonable, but the code will look like a crude hack :(. – grigoryvp Jun 22 '09 at 10:51
Sorry, it was just an example of a function name. I don't think there's a better way to do it than to check for platform type. The most right method would be to try to elevate your rights with UAC the moment you want to install the font, because you don't need those all the time. So first you would have to check if you have admin rights on pre-Vista and fail at start. If it's post XP/2003, fail only if you can't elevate the rights, since e.g. user didn't want give permission to UAC or doesn't have administrator's password. – macbirdie Jun 22 '09 at 11:34

score 3 · Answer 4 · answered Jun 22 '09 at 10:25

3

Try doing whatever you need admin rights for, and check for failure.

This will only work for some things though, what are you trying to do?

answered Jun 22 '09 at 10:25

cobbal

69,903
20
143
156

I need to install a system-wide font, this require admin rights on windows vista+. – grigoryvp Jun 22 '09 at 10:50
2

EAFP is usually the best but sometimes you have to LBYL. A program I call returns an ambiguous error if the user is not an administrator. This error is the same as if the user supplied an invalid argument to the program. – Bryce Guinta Apr 02 '17 at 20:00
...and the predictably awful EAFP non-answer rears its ugly head. In our case, we'd like to prevent our application from being run as the superuser – because doing so could constitute a security risk and, in any case, is *always* the wrong thing to do. EAFP is little to no help here. There is no specific action to prohibit but rather the entire category of *all* actions when run as a specific user. – Cecil Curry Sep 01 '17 at 07:22

score 1 · Answer 5 · answered Jun 24 '09 at 14:07

1

Administrator group membership (Domain/Local/Enterprise) is one thing..

tailoring your application to not use blanket privilege and setting fine grained rights is a better option especially if the app is being used iinteractively.

testing for particular named privileges (se_shutdown se_restore etc), file rights is abetter bet and easier to diagnose.

answered Jun 24 '09 at 14:07

Bob Blanchett

164
7

If script runs external apps / scripts that is documented like "use sudo" it's kind of hard to guess what rights they exactly need. – grigoryvp Jan 09 '10 at 17:04

Cross-platform way to check admin rights in a Python script under Windows?

5 Answers5

Linked

Related