IIS and child process permissions

qadwjoh has asked for the wisdom of the Perl Monks concerning the following question:

Hi

I'm running a Perl CGI script, served by IIS which launches a second (non-CGI) script to read and write to a network share. I've set up the first script to run under Anonymous Access and set up a special user ID to be the Anonymous account, thinking that it would pass this onto the second script so that it could access the network share. But it doesn't - I get a permissions error when trying to read a file from the share.

Does anyone know how I can run the second script under the special user ID I created? Can I pass the user ID from the parent script onto the child script? Or can I run the second script and change the user ID it's running under, with actual Perl code?

thanks,
A

Edited by castaway retitle from "IIS and Perl CGI problem".

Comment on IIS and child process permissions

Replies are listed 'Best First'.
Re: IIS and Perl CGI problem by inman (Curate) on Oct 20, 2003 at 16:23 UTC
When IIS is configured to allow 'Anonymous' access, it is actually configured to use the IUSR_Server account for access to local and network resources. This Node has some useful information on reconfiguring the user account that IIS uses for 'Anonymous' browsers. It would be worth changing the account to one that has enough network access to see if your child process was run under the same account and could also access network resources. This would then mean that you have solved your problem by re-configuring IIS rather than coding anything that would be Win32 specific. Inman	[reply]
Re: Re: IIS and Perl CGI problem by qadwjoh (Scribe) on Oct 21, 2003 at 08:57 UTC
How do I determine if the account I've given has enough network access to see if the child process was run under the same account? A	[reply]
Re: Re: Re: IIS and Perl CGI problem by inman (Curate) on Oct 21, 2003 at 15:16 UTC
The only real way to make sure is to test it and see if it works! IIS should launch any application under the same user account as the script is running. The default IUSR_Server account has very little access to much at all. Choosing another user account will allow you to set the level of access to a network resource using the ACL on that resource. (Look on the security tab of the windows share properties page for the share that you are trying to access.). The easiest way to test this is to try and connect to the network drive using the 'connect as a different user' option. This will allow you to see whether you can make the connection. inman	[reply]
Re: Re: Re: Re: IIS and Perl CGI problem by qadwjoh (Scribe) on Oct 22, 2003 at 11:11 UTC