Thank you for the replies. I'm using a Windows environment.
Actually, I used to do this manually using the admin ID; users here will not get any access. So my intention is to create a script which will be run by the user to do so.
I wanted to know whether there is any scope to use an encrypted password or compile the script in Perl. Here is something like:
use File::Copy;
$filetobecopied = "<dir1>\\*.*";
$destcopy = "<dir2>";
copy($filetobecopied, $destcopy) or die "File cannot be copied.";
Is there any scope to use the admin id and password?
As the user cannot do anything else except copying files with this compiled script.
Any idea is greatly appreciated.
| [reply] [d/l] |
The copy function of File::Copy can copy only a single file at a time, and it has to be called with a destination file name, not a directory. You could have learned that from the File::Copy documentation.
If you want to copy more than one file, you need a loop. If you want to copy an entire subtree, you need to recurse into source and destination directories. File::Copy::Recursive can do both, if you RTFM.
Regarding your privileges problem, you need to start your copy script as a privileged user. Windows has the runas command, and it offers the services infrastructure for a clean separation of an unprivileged user interface and a privileged background service. runas needs the Administrator password at runtime (and you don't want to give it away!), the service way doesn't. Remember that privileges require responsibility, so use strict, use warnings, and enable the taint mode (#!perl -T). Verify all input and refuse to work when the input does not match the rules. Using a web server could be a simple workaround: for read access to the "restricted location", any web server could do the job; for write access, a WebDAV-enabled web server could do the trick. No need to invent new protocols. Of course, you also could use a file upload form and a CGI for write access.
Privilege separation can be a real pain under Windows, there are several attempts to clone the common su or sudo utilities, starting with a single batch file and ending with a huge services infrastructure. I still haven't seen any Windows utility as reliable and secure as sudo on Unix.
Think about your initial problem, or better: Explain it to us. Why do you think you need to copy files from a restricted location using admin id and encrypted password? If the "restricted location" is the source, just make it world readable, but writeable only for the Administrator account. This can be done using standard Windows access controls. If the "restricted location" is the destination, you are defeating your restrictions, so just drop them and make it world (or group) writeable.
Alexander
--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
| [reply] [d/l] [select] |
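The advice in the reply above (one copy call per file, strict, warnings, taint mode, refusing input that does not match the rules), as an added example that is not part of the thread. The directory names `demo_src` and `demo_dst`, the file-name allowlist and the `copy_allowed` helper are assumptions made for illustration.

```perl
#!perl -T
# Added example, not code from the thread. Run with: perl -T copy_allowed.pl
use strict;
use warnings;
use File::Copy qw(copy);
use File::Spec;

# Assumed fixed locations (hypothetical names). Hard-coding them keeps the
# caller from pointing the privileged copy at another directory.
my $SRC = 'demo_src';
my $DST = 'demo_dst';

# Constructed sample input so the script runs stand-alone.
for my $dir ($SRC, $DST) {
    -d $dir or mkdir $dir or die "mkdir $dir: $!";
}
for my $name ('report.txt', 'data_01.csv', 'setup.exe') {
    open my $fh, '>', File::Spec->catfile($SRC, $name) or die "create $name: $!";
    print {$fh} "sample\n";
    close $fh or die "close $name: $!";
}

# Copy each plain file whose name passes the allowlist; refuse everything else.
sub copy_allowed {
    my ($src, $dst) = @_;
    my (@copied, @refused);
    opendir my $dh, $src or die "opendir $src: $!";
    my @entries = grep { $_ ne '.' && $_ ne '..' } readdir $dh;
    closedir $dh;
    for my $entry (sort @entries) {
        # readdir output is tainted; only the regex capture is untainted.
        my ($safe) = $entry =~ /\A([A-Za-z0-9_-]+\.(?:txt|csv))\z/;
        my $from = defined $safe ? File::Spec->catfile($src, $safe) : undef;
        if (!defined $from or -l $from or !-f $from) {
            push @refused, $entry;
            next;
        }
        # copy() handles one source file per call, so loop over the entries.
        copy($from, File::Spec->catfile($dst, $safe)) or die "copy $safe: $!";
        push @copied, $safe;
    }
    return (\@copied, \@refused);
}

my ($copied, $refused) = copy_allowed($SRC, $DST);
print "copied:  @$copied\n";
print "refused: @$refused\n";
```

Under taint mode, passing the raw `readdir` name to a file-writing call aborts the script, so the regex capture is what forces every destination name through the allowlist.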
Thank you Alexander,
Your tips are really helping me. Actually, my intention is to do a particular piece of work (like copy, move, etc.) using a privileged ID and encrypted password and then exit.
I understand that web access and giving read permission can serve the purpose, but we don't want those things accessed except by a particular user.
Is there any Perl module or utility (like File::Copy::Vigilant, which can verify something) that is able to validate user privilege, or any scope to run as a different user?
Thanks again for your input.
| [reply] |