Cannot run xcacls to modify user rights on a certain file?

Q

Quentin Huo

Hi:

I am working in win 2003 and ASP.NET. I tried to modify the user rights from
an ASPX (writen in C#) page through running xcacls. But failed. What I did
is:

Process myProcess = new Process();

myProcess.StartInfo.FileName = "cmd.exe";

myProcess.StartInfo.Arguments = @"/C xcacls filename /T /E /G username:R;R
/Y";

myProcess.StartInfo.UseShellExecute=false;

myProcess.StartInfo.RedirectStandardOutput = true;

myProcess.StartInfo.CreateNoWindow = true ;

myProcess.Start();


However, it worked if only try to get the ACLs information:
myProcess.StartInfo.Arguments = @"/C xcacls filename /Y";



I think it might be caused by security setting of my system so that it did
not allow to change the security right.

Does anyone know where the problem is?

Thanks

Q.
 
J

Jeff Dillon

Under what user account context is your ASPX page running under? The
current account probably doesn't have sufficient rights.

Jeff
 
S

Scott Allen

Does the NETWORK SERVICE have ownership of the file? Or does it have
the "Change permissions" permission?

You'll have to give these permissions to the NETWORK SERVICE account,
or run the worker process under an account with these permissions (or
use impersonation and Pinvoke Win32 API functions to make the change -
but that's not easy in 1.1). There are actually quite a number of
alternatives to get this working depending on what you need to do.
 
S

Scott Allen

OK, but the Process you launch will use the same security context as
the parent process, by default that is NETWORK SERVICE on Win2k3.
 
S

Scott Allen

Then your process will not have permissions. You'll need to give the
account some additional permissions, if possible.
 
Q

Quentin Huo

Hi:

I just tried to give the NETWORK SERVICE account "modify" permission on its
working directory and its target directory, but it still doesn't work and no
any error message.

What I need to do is to create new directories and modify the user rights on
the new folders, from an aspx page.

Any better idea?

Thanks a lot!

Q.
 
S

Scott Allen

Hi Quentin,

Go into the Advanced tab, highlight the Account, and click Edit.
You'll want to make sure "create folders" and "change permission" are
enabled.
 
Q

Quentin Huo

Hi:

I just tried: failed, even I gave it full control on the directory. DO I
need to config other directory?

Thanks a lot!

Q.
 
S

Scott Allen

Hmm, that's odd. You may want to redirect standard output and either
to a file, or read StandardOutput with a StreamReader and see if the
process reports any errors (or perhaps it is not starting).
 
J

Jeff Dillon

Give EVERYONE Full control, and go from there

Or run your ASPNET application under an admin account. Or add NETWORK SERVER
to admins..

I can think of many things I would try...

Jeff
 
Q

Quentin Huo

Hi,

thank you very much!

Yesterday I made a mistake. In fact, after I gave the modify right to
NETWORK SERVICE account, it worked.

Thanks again.

Q.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Use process class to run batch file in web server 5
Simple Process problem 5
Getting StandardIn has not been redirected when starting new Process 5
Starting application like: C:\Direct -a -b -c <C:\Script.src > C:\log.txt 1
Redirect StandardOutput problem 6
Problem in executing a script on the server side ! Script found but nothing executed ! 1
Run as Administrator, then execute something as the user 4
Writing to a Process 2

Top