Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations John Tel on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IUSR account

Status
Not open for further replies.
jez

jez

Programmer
Apr 24, 2001
370
VN
Hi there,

I am running lots of perl CGI scripts on IIS 5 (and they work pretty well!).
What i would like to do is give my scripts more permissions than the average user.
As i understand it, all anonymous users (and scripts) act with the permissions of the IUSR_SERVERNAME account.
One of my scripts needs to have more write access than I want the users to have. (this is so that the script can perform administration type tasks on the site for me).

Is this possible and how do i go about setting this up.
(I have the scripts it is just the accounts and setting them up I am unsure about)

From a security point of view is this dangerous ?
(currently it is for an internal/intranet webserver but I'm curious about on a live/internet site anyway).

Many thanks

Jez
 
Sort by date Sort by votes
are you going to let just any body use these scripts...if not you do not need to create any new users...just create a new folder...only allow certain users to access this folder from a web site....then when lets say a 'admin' user accesses this page they will get a login prompt....is this what you are looking for..if so I can help you set this up if need be.....

CS ***************
***************
 
Upvote 0 Downvote
The aim is for this script to edit the pages of the site.
It does this by taking a copy, making a temporary file of the editable regions of the page, changing anything on this temp file and then when all is done a preview file is created (edited mixed back with unchanged content) and finally the preview is copied over the original.

All this happens from within a restricted area of the site where certain users are logged in and out.

Problem;- the original files that make up the content are outside of this 'admin' folder, scattered over the site.
For this to work I have had to give sufficient rights to the lowest level of users (and therefore IUSR) to be able to write over the original content.

What i really need to do is to allow this script to run with more rights (like a CGI wrapper).

Right thats the problem, as for the solution....
Are you suggesting that just by having the scripts in a certain folder I can separate them from the standard anonymous user account? Or do you mean putting all the admin type tasks and targets of those tasks in a certain folder. Still i don't understand how this doesn't leave all users with the same privileges on the site.

..confused Jez
 
Upvote 0 Downvote
hehe...k...if you where to put all admin scripts into one folder...only users with a password will have rights to these scripts right!........the server will not allow 'regular' users to access this folders...they will receive a restricted area error of they try to access it without a proper name and password! Hope this clairifies things up a bit........

still confused....hope not it is really simple to do....

CS ***************
***************
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
926
goombawaho
goombawaho
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
745
DrB0b
DrB0b
Kiwica
  • Locked
  • Question
Locked out domain account
Replies
4
Views
247
Kiwica
Kiwica
goombawaho
  • Locked
  • Question
How to open Change user role for user accounts wizard
Replies
2
Views
215
goombawaho
goombawaho
Mindly
  • Locked
  • Question
Can't log into SBS 2011 server with accounts that have administrator priviledges
Replies
0
Views
186
Mindly
Mindly

Part and Inventory Search

Sponsor

Back
Top