CGI with rights on win32

the_slycer has asked for the wisdom of the Perl Monks concerning the following question:

I am in the midst of trying to convert one of my system admin scripts to a web based format. This script does a very good job of resetting many user's passwords at once.

The problem that I am having is that (obviously) when the script is run from the command line it uses the rights of the person running it, but when running via CGI it uses whatever user account IIS is running on (right? I think that's right). Obviously, the IIS account does not have rights to reset passwords. So what I need to do is run the CGI script as one of our accounts which does have the rights.

Now, this server is protected at many other levels, and the only people that have access to it are people that could do this manually anyways. I do not admin the server, but I know that one of the environment variables on the machine is the password of the account that I need to run this script as ( something like $ENV{USERPASS} ).

I have messed around a bit attempting to use "su" to run the CGI script as the proper user, the problem is that I am not getting a proper response from "su" - I think this is because it launches itself in a new command prompt. In otherwords using something like my $response=`su account command DOMAIN < filewithpassword` is simply not giving me a response. Completely blank.

Am I barking up the wrong tree here? Is there a simpler way to do this? Any suggestions?

Comment on CGI with rights on win32 Download Code

Replies are listed 'Best First'.
Re: CGI with rights on win32 by davemabe (Monk) on Jun 19, 2001 at 21:36 UTC
Try enabling NTLM Security (and Basic Authentication if you have Netscape users) for the directory and disabling anonymous access. Then the user will be prompted for their NT username and password and your script will run with those rights. Note that this is not a cross platform solution, but it is the easiest. Dave	[reply]
Re: CGI with rights on win32 by Eradicatore (Monk) on Jun 19, 2001 at 22:08 UTC
You say in your title "win32" but then you talk about su. I wasn't aware of su being a win32 command, but I admit to know very little about win32. Either way, if you can do this on unix, you may want to look at this program CGIwrap. Or maybe there is a equivalent program for win32. This is a program I use on my isp to do a cgi script that records lunchtime basketball attendance each day using just a flat file. Anyway, it lets the cgi script run as the owner, and possibly more. You may want to use this as a starting point to look for other tools that do similar things too. Just a suggestion. Justin Eltoft "If at all god's gaze upon us falls, its with a mischievous grin, look at him" -- Dave Matthews	[reply]