Hey folks,
To sum things up, I've got two servers: one in an NT Domain and one not in
an NT Domain. I would like to set NTFS permissions on shared directories
residing on the server in the NT Domain using a Perl/CGI script running off
of the other server without a domain. Big Problem. I've been lulled into a
sense of confidence about the succes of this setup up until now by my
somewhat innapropriate testing environment and a woeful lack of NT/2000
security programming experience.
In other words, everything worked fine until I tried to actually put this
into production. Win32::FileSecurity::Set() has no way of determing username
SID's unless it somehow has access to that user's NT Domain, from what I can
tell. You just can't get away with setting MYDOMAIN\user on a shared
directory from the CGI script in this setup. Everything is dependent on
resolving SIDs. This makes perfect sense in hindsight, of course.
So, am I wrong??? Is there a way out of this mess? I'm sure I glossed over
more than a handful of details for the sake of expendiency. Does someone
have a module or COM object they can suggest to fullfill this task? If I
could lookup a username against a specific NT Domain (PDC & BDC controllers
or otherwise) to return an SID and then set that SID on the directory
permissions somehow (that part might be trivial in fact) via Win32API calls
in C this might just have a chance of working.
Can anyone shed any light on this situation???
Many Thanks,
DTS
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
