P is for Practical | |
PerlMonks |
Re: CGI, application context and securityby ady (Deacon) |
on Apr 08, 2007 at 18:19 UTC ( [id://608906]=note: print w/replies, xml ) | Need Help?? |
You are all right : MS IIS uses the default IUSR_<machine> for anon access, and this user must have appropriate ACL privileges (R.X) set for the relevant groups in order to access files from the CGI program.
The ps.exe util from MKS I used had uid:Admin and gid:SYSTEM, which did not match the IUSR privileges.
When I switched to another util on the machine : pslist.exe from PsTools installed with different gid, i was allowed get a process list from the CGI-program (I could have changed the group ownership on MKS ps.exe instead - TMTOWTDI):
Changing the privileges for the IUSR and the file ACL fixed the access problem; Then of course I ran into another issue (the IUSR wasn't authorized to access the VSS-database on a network share...), but now i know how to tweak the IIS user privileges in order to allow the CGI-program to access the necessary resources. The HTTP/CGI programming model, and not the least: the security model, is significantly different from developing rich clients. I found these ref's usefull for a Perl CGI beginner... Course TroubleShoot And then I'm switching to Perl Win32 modules instead of external utility programs for a more robust solution. Best regards allan
In Section
Seekers of Perl Wisdom
|
|