in reply to Re: Is it possible to have a script run under one account and open a file using another?
in thread Is it possible to have a script run under one account and open a file using another?

Thank you for your reply.

Unfortunately, setting the permissions doesn't help when a script running under IUSR_MACHINE (the Internet Guest Account) is trying to open a file on another machine even when the other machine is on the same domain. The reason is that by default the Internet Guest Account does not have network file access.

This can be worked around by promoting the Internet Guest Account to a domain level account or by duplicating the Internet Guest Account on the other machine. The second approach is described as more secure because one doesn't want to necessarily allow all web site visitors access to other machines on the network.

I believe it's also possible to change the account that the script is running under to a domain level account or perhaps another local account that is duplicated on the other machine. I'm having trouble switching the anonymous account to a domain level account because I think my Win2K machine is not able to make sense of the Active Directory that has replaced the old NT user login account lists.

In any case, I'm wondering if it would simplify things for my users if the script were able to update the text file using a different account. Perhaps this solution is similar to switching the anonymous account under which the script runs?

I have searched through the Perl documentation but don't see any functions that allow me to do operations using a different login account. Maybe this has been left out intentionally or I'm using the wrong search criteria?

Thanks.

Richard

  • Comment on Re: Re: Is it possible to have a script run under one account and open a file using another?

Replies are listed 'Best First'.
Re: Re: Re: Is it possible to have a script run under one account and open a file using another?
by cleverett (Friar) on Jul 30, 2003 at 02:21 UTC
    I'm having trouble switching the anonymous account to a domain level account because I think my Win2K machine is not able to make sense of the Active Directory that has replaced the old NT user login account lists.

    Again, forgive me any inaccuarcies, as it's been a long, long time since I've done Windows sysadmin work, but Win2K and Active Directory should be completely compatible (well, as compatible as windows anything gets).

    • Do you have an AD server?
    • Are you able to log in as a dmomain admin on your web servers?
    • are your servers members of the domain?
[reply]
      Thank you for your reply.

      Yes, I have an AD server and I'm able to log in to all machines using a domain administrator account. All servers are members of the domain as well.

      I think the incompatibility between my Win2K development machine and the Win2K AD server have to do with some messed up configuration on my Win2K development machine. The Win2K development machine needs to have its operating system reinstalled anyway for various reasons.

      In any case, I am able to have my script file update text files on other machines as long as I switch the account under which the script file runs to an account that either has access on the domain or is duplicated on each machine. By duplicated I mean having exactly the same local username/password login accounts on each machine. I now think it's best not to try to mess around with the IUSR_MACHINE Internet Guest Account but to instead create a new account just for this purpose.

      I was originally hoping to have the script file impersonate another user login account for the purpose of updating the text file but given the other replies on this thread I'm now thinking that may cause more trouble.

      Thanks again.

      Richard

[reply]

In Section Seekers of Perl Wisdom