chromatic, ww && eric256
You are all right : MS IIS uses the default IUSR_<machine> for anon access, and this user must have appropriate ACL privileges (R.X) set for the relevant groups in order to access files from the CGI program.
The ps.exe util from
MKS I used had uid:Admin and gid:SYSTEM, which did
not match the IUSR privileges.
C:\Program Files\MKS Toolkit\mksnt>ls -al ps*.*
owner group
Administrators SYSTEM ps.exe
Administrators SYSTEM psproxy.exe
When I switched to another util on the machine : pslist.exe from
PsTools installed with different gid, i was allowed get a process list from the CGI-program (I could have changed the group ownership on MKS ps.exe instead - TMTOWTDI):
C:\systools\@SI\PsTools>ls -al pslist*.*
owner group
Administrators KMD\Domain+Users pslist.exe
Changing the privileges for the IUSR and the file ACL fixed the access problem; Then of course I ran into another issue (the IUSR wasn't authorized to access the VSS-database on a network share...), but now i know how to tweak the IIS user privileges in order to allow the CGI-program to access the necessary resources.
The HTTP/CGI programming model, and not the least: the security model, is significantly different from developing rich clients. I found these ref's usefull for a Perl CGI beginner...
Course
TroubleShoot
And then I'm switching to Perl
Win32 modules instead of external utility programs for a more robust solution.
Best regards
allan