Edit report at http://bugs.php.net/bug.php?id=27051&edit=1

 ID:               27051
 Updated by:       paj...@php.net
 Reported by:      ghoffer at globalscape dot com
 Summary:          Impersonation with FastCGI does not EXEC process as impersonated user
-Status:           Closed
+Status:           Feedback
 Type:             Bug
 Package:          CGI related
 Operating System: Windows
 PHP Version:      5.3
 Assigned To:      pajoye

New Comment:

Then I need more details about your exact configuration (windows version, IIS version, fastcgi version, etc.)

Previous Comments:
------------------------------------------------------------------------
[2010-03-24 23:04:59] heer2351 at zonnet dot nl

FastCGI impersonation is configured correctly and ProcMon shows that cmd.exe is started with the correct user. The fork error however still shows.

I am now downloading the php-5.3.3-dev-nts-Win32-VC9-x86-dfsfix.zip file and will check if that solves the problem.

------------------------------------------------------------------------
[2010-03-24 22:51:11] paj...@php.net

See my comment and related link in #50542

------------------------------------------------------------------------
[2010-03-24 22:48:17] paj...@php.net

Again, I did check in all possible configurations and it does work.

However please configure impersonation correctly for FastCGI (that's not the App pool settings).

------------------------------------------------------------------------
[2010-03-24 22:45:31] heer2351 at zonnet dot nl

Thanks for your fast response.

I am running the website using an application pool and have configured a special user for that pool. I use the same user for anonymous access. So both the website as well as PHP use the same identity. This user has all the required rights.

Just to test I have given this user rights to %COMSPEC% using cacls. Same error. Gave IUSR_xxx rights, same error. Gave IWAM_xxx rights, same error.

Please check what has changed between 5.2.13 and 5.3.2

------------------------------------------------------------------------
[2010-03-24 22:14:23] paj...@php.net

Let me copy my note here as well:

Quick note here.

It is necessary to give a given IUSR_* the permission to use cmd.exe (%COMSPEC%). It is recommended not to do it as it may introduce security issues, obviously. But if you really want to do it, use:

    cacls %COMSPEC% /E /G IUSR_xxxx:R

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=27051