Re: Is it possible to have a script run under one account and open a file using another?

What you want should be doable with Win32::AdminMisc's CreateProcessAsUser or LogonAsUser functions, with example code included in the RUNAS.PL file that accompanies the install.

But ... you'll have to put the password for whatever account you log into in the CGI script, so whether or not this is a "bad idea" depends on your level of paranoia and confidence in the security of your scripts.

--k.

Comment on Re: Is it possible to have a script run under one account and open a file using another? Select or Download Code

Replies are listed 'Best First'.
Re: Re: Is it possible to have a script run under one account and open a file using another? by rzward (Monk) on Jul 30, 2003 at 01:35 UTC
Thank you for the tip. Win32::AdminMisc has LogonAsUser, which appears to be what I'm looking for. I was hoping for a platform independent function but I guess that's not possible. Looking at the requirements for functions such as LogonAsUser, switching the anonymous user account under which the scriopt runs might be less trouble than asking system administrators to set priveleges such as "SeTcbPrivilege", "SeChangeNotify" and "SeAssignPrimaryToken". I'll take a closer look. Thank you! Richard	[reply]
Re: Re: Re: Is it possible to have a script run under one account and open a file using another? by MidLifeXis (Monsignor) on Jul 30, 2003 at 10:28 UTC
If you want it to be portable, abstract it one level, and then bring in whatever code you need based on the OS in your abstraction layer rather than the application layer. As you need support for new environments, you only adjust your abstraction layer. Example: `# Application.pl use IO::File::AsUser; # Your abstraction layer my $fh = IO::File::AsUser->open($file, $user); # AsUser.pm package IO::File::AsUser; #blah blah sub open { if ($Windows) { do_what_needs_to_be_done_on_windows(); } elsif ($Unix} { do_what_needs_to_be_done_on_unix(); } }` [download]	[reply] [d/l]