chromatic, ww && eric256

You are all right : MS IIS uses the default IUSR_<machine> for anon access, and this user must have appropriate ACL privileges (R.X) set for the relevant groups in order to access files from the CGI program.

The ps.exe util from MKS I used had uid:Admin and gid:SYSTEM, which did not match the IUSR privileges.

C:\Program Files\MKS Toolkit\mksnt>ls -al ps*.*
owner           group 
Administrators  SYSTEM            ps.exe
Administrators  SYSTEM            psproxy.exe

[download]
When I switched to another util on the machine : pslist.exe from PsTools installed with different gid, i was allowed get a process list from the CGI-program (I could have changed the group ownership on MKS ps.exe instead - TMTOWTDI): 
C:\systools\@SI\PsTools>ls -al pslist*.*
owner           group 
Administrators  KMD\Domain+Users  pslist.exe

[download]

Changing the privileges for the IUSR and the file ACL fixed the access problem; Then of course I ran into another issue (the IUSR wasn't authorized to access the VSS-database on a network share...), but now i know how to tweak the IIS user privileges in order to allow the CGI-program to access the necessary resources.

The HTTP/CGI programming model, and not the least: the security model, is significantly different from developing rich clients. I found these ref's usefull for a Perl CGI beginner...
Course
TroubleShoot

And then I'm switching to Perl Win32 modules instead of external utility programs for a more robust solution.

Best regards
allan

In reply to Re: CGI, application context and security by ady
in thread CGI, application context and security by ady

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.