
Thank you Alexander, your tips are really helping me. Actually my intention is to do a particular work (like copy, move etc.) using a privileged ID and encrypted password and then exit. I understand that web access and giving read permission can serve the purpose, but we don't want to access those stuffs except particular user. Is there any Perl module or utility (like File::Copy::Vigilant can verify something) that is able to validate user privilege or scope to run as different user? Thanks again for your input.

Re^5: perl script to copy files as admin
by afoken (Chancellor) on Jul 25, 2009 at 08:20 UTC
    Actually my intention is to do a particular work (like copy, move etc.) using a privileged ID and encrypted password and then exit.

    You need a tool equivalent to sudo. Search the WWW for "sudo for windows", "surun", "machmichadmin" (from the German c't magazine), "makemeadmin", or "sudown" and use one of those tools.

    I understand that web access and giving read permission can serve the purpose, but we don't want to access those stuffs except particular user.

    I don't understand what you mean (Parser error near "except particular user"). If you want to grant one or more users access privileges to the "restricted location", a web server can easily do that, using Basic or Digest HTTP Authentication, and on Windows, you can also use NTLM authentication.

    Is there any Perl module or utility (like File::Copy::Vigilant can verify something) that is able to validate user privilege or scope to run as different user?

    No. Privilege checks, user authentication, and user switching are jobs of the operating system, not of an application. Applications cannot do this. (Actually, there are ways to DROP privileges inside an application, and to start a different program under a different account. The most privileged account, typically root / LocalSystem, can also switch to a completely different account, but not back.)

    File::Copy::Vigilant is a completely different thing: It verifies that a file is copied (or moved) exactly from source to destination. No privileges and no user switching involved.

    Web servers often have their very own user and group management, completely separated from the underlying operating system. But for the operating system, the web server operates under a single user account, typically an unprivileged one. A second, privileged account is used to bind() to privileged ports and/or to run helper programs under different O/S accounts, but this is completely optional.

    You can use the web server approach to run programs using the privileged account, with a few minor restrictions: The web server must run using the privileged account, and the programs must not attempt to use any GUI features: No windows, no alert box, no interaction with the desktop -- simply because there is no such thing as a desktop or a GUI for background services, neither on Windows nor on Unix derivatives.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
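
The one-way privilege drop mentioned in the reply above, shown for the Unix case as an added example (not code from the thread or from any module named in it). The helper name `drop_privileges` and the default account `nobody` are assumptions for illustration.

```perl
#!/usr/bin/perl
# Added example: a script started as root permanently drops to an
# unprivileged account before doing its work (Unix-like systems only).
use strict;
use warnings;
use POSIX qw(setuid setgid getuid geteuid getgid getegid);

# Hypothetical helper, not part of any CPAN module.
sub drop_privileges {
    my ($user) = @_;
    my (undef, undef, $uid, $gid) = getpwnam($user)
        or die "unknown user '$user'\n";
    die "target must not be root\n" if $uid == 0 || $gid == 0;

    # Groups first: once the UID has changed, the process is no longer
    # allowed to change its groups. Assigning "$gid $gid" to $) sets the
    # effective GID and replaces root's supplementary groups with that
    # single group (see perlvar).
    $! = 0;
    $) = "$gid $gid";
    die "setting groups failed: $!\n" if $!;
    setgid($gid) or die "setgid($gid) failed: $!\n";

    # Called as root, setuid() changes the real, effective and saved UID.
    setuid($uid) or die "setuid($uid) failed: $!\n";

    # Verify the result instead of trusting the return values alone.
    die "UID not dropped\n" unless getuid() == $uid && geteuid() == $uid;
    die "GID not dropped\n" unless getgid() == $gid && getegid() == $gid;
    die "extra groups kept\n" if grep { $_ != $gid } split ' ', $);

    # The drop has to be one-way: regaining root must fail.
    die "root can still be regained\n" if setuid(0);
    return;
}

die "start this script as root\n" unless geteuid() == 0;

# Assumption: "nobody" exists and is the unprivileged target account.
drop_privileges(shift // 'nobody');

printf "now running as uid=%d gid=%d\n", getuid(), getgid();
# ... copy or move files here, with only the target account's rights ...
```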