SUID on NT

kakaze has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I am trying to write a web based mail form but unfortunately, it has to be on NT. I've got the thing mailing using the script from the command line but it doesn't send the mail through the script run as a web form. I'm logged in as administrator on the command line so I reckon the problem is that the CGI user does not have permissions so access the SMTP server. Is there a way I can su to the administrator to send the mail as part of the web script? I know it's easy on Unix (god how I miss it) but I'm stumped at finding a way on NT. BTW, the server I'm using is Apache but I'm damned if I can find the section in the conf file where the CGI user is specified, I know it in Unix. Any suggestions would be greatfully appreciated. Regards, Kakaze

Comment on SUID on NT

Replies are listed 'Best First'.
Re: SUID on NT by dws (Chancellor) on Mar 23, 2001 at 02:35 UTC
Try a two-step process. Have your CGI drop files into a known directory, then have a separate process (one running with the permissions of the logged-in user, perhaps) periodically scan the directory and process any files that need to be mailed.	[reply]
Re: Re: SUID on NT by kakaze (Sexton) on Mar 23, 2001 at 02:39 UTC
Hi Dws, I'm slapping my head here and going DOH! So easy, so simple, so stupid of me not to think of that! :) Thanks, perfect solution!! Regards, Kakaze	[reply]
(tye)Re: SUID on NT by tye (Sage) on Mar 23, 2001 at 02:43 UTC
FYI, the closest thing to SUID on NT is LogonUser followed by CreateProcessAsUser. I'm not sure which modules implement these and how well but suspect that http://www.roth.net/ has some (probably Win32::AdminMisc) even though I don't particularly like the way they handle their modules. - tye (but my friends call me "Tye")	[reply]
Re: SUID on NT by BigJoe (Curate) on Mar 23, 2001 at 02:24 UTC
There is a couple of things you can do. One is go into Internet Service manager and go to the properties of SMTP then go to security and take out the check in don't allow annonymous access. This of-course is very insecure. the second is set up another machine as a SMTP gateway. Then use Net::STMP to connect and send out the email through it. On the security side of this you will need to do two allow smtp traffic from your web server (via IP address). This can be done in ISM also. Then you can connect and send it on its marry way. --BigJoe Learn patience, you must. Young PerlMonk, craves Not these things. Use the source Luke.	[reply]
Re: Re: SUID on NT by kakaze (Sexton) on Mar 23, 2001 at 02:32 UTC
Hi BigJoe, Yep, they're both the ideas I had and didn't go for, the first for the security aspect rules that out and the second is unfortunately not an option :( I'm using the Net:SMTP approach but since we only have the one machine, that has to be the SMTP gateway and all the inherent security risks involved prohibit using that for anonymous access. Ho Hum, back to scratching my head. Thanks for the help! Kakaze	[reply]