From c4b3f7a027ecf8258ecf173812263dde27b9eaaa Mon Sep 17 00:00:00 2001
From: Steve Dower <steve.dower@python.org>
Date: Wed, 15 May 2024 11:59:41 +0100
Subject: [PATCH] gh-118486: Simplify test_win32_mkdir_700 to check the exact
 ACL (GH-119056)

---
 Lib/test/test_os.py   | 23 ++++++++---------------
 Modules/posixmodule.c |  2 +-
 2 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/Lib/test/test_os.py b/Lib/test/test_os.py
index e0fe178cda14be..84f78c222982a8 100644
--- a/Lib/test/test_os.py
+++ b/Lib/test/test_os.py
@@ -1383,21 +1383,14 @@ def test_exist_ok_existing_regular_file(self):
     @unittest.skipUnless(os.name == 'nt', "requires Windows")
     def test_win32_mkdir_700(self):
         base = support.TESTFN
-        path1 = os.path.join(support.TESTFN, 'dir1')
-        path2 = os.path.join(support.TESTFN, 'dir2')
-        # mode=0o700 is special-cased to override ACLs on Windows
-        # There's no way to know exactly how the ACLs will look, so we'll
-        # check that they are different from a regularly created directory.
-        os.mkdir(path1, mode=0o700)
-        os.mkdir(path2, mode=0o777)
-
-        out1 = subprocess.check_output(["icacls.exe", path1], encoding="oem")
-        out2 = subprocess.check_output(["icacls.exe", path2], encoding="oem")
-        os.rmdir(path1)
-        os.rmdir(path2)
-        out1 = out1.replace(path1, "<PATH>")
-        out2 = out2.replace(path2, "<PATH>")
-        self.assertNotEqual(out1, out2)
+        path = os.path.abspath(os.path.join(support.TESTFN, 'dir'))
+        os.mkdir(path, mode=0o700)
+        out = subprocess.check_output(["cacls.exe", path, "/s"], encoding="oem")
+        os.rmdir(path)
+        self.assertEqual(
+            out.strip(),
+            f'{path} "D:P(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;FA;;;OW)"',
+        )
 
     def tearDown(self):
         path = os.path.join(support.TESTFN, 'dir1', 'dir2', 'dir3',
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
index 712bef16fde25f..2ec8458cb51bfb 100644
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -4173,7 +4173,7 @@ os_mkdir_impl(PyObject *module, path_t *path, int mode, int dir_fd)
     if (mode == 0700 /* 0o700 */) {
         ULONG sdSize;
         pSecAttr = &secAttr;
-        // Set a discreationary ACL (D) that is protected (P) and includes
+        // Set a discretionary ACL (D) that is protected (P) and includes
         // inheritable (OICI) entries that allow (A) full control (FA) to
         // SYSTEM (SY), Administrators (BA), and the owner (OW).
         if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(