Post #22,868
1/2/02 3:09:19 PM
|
create a program with access that user does not have?
We have a network folder that users have READ access to. I need for some users to be able to add content to the folder, but only under program control as there's a database associated with all the contents.
How would I give a vb program write access to a directory that the user running the program only has read access to?
Darrell Spice, Jr.
[link|http://home.houston.rr.com/spiceware/|SpiceWare] - We don't do Windows, it's too much of a chore
|
Post #22,869
1/2/02 3:23:27 PM
|
Re: create a program with access that user does not have?
you didn't say whether it was an Access database but VB and Windows makes it a reasonable guess
Access has a way of splitting the database between client and server or you could set up permissions in Access instead of the folder
A
Play I Some Music w/ Papa Andy
Saturday 8 PM - 11 PM ET
All Night Rewind 11 PM - 5 PM
Reggae, African and Caribbean Music
[link|http://wxxe.org|http://wxxe.org]
|
Post #22,871
1/2/02 4:05:22 PM
|
more info
The shared network folder contains scanned documents. Things like BOMs(bill of materials), production notes, drawings, and so on. The documents are sorted into subfolders to limit the number of files within a single folder.
Information about each document is stored in an Access database to make looking up documents about a specific item easier. The documents are also printed out automatically during the creation of a work order to give the production team the information they need to build the item. Before the scanned documents were set up, we used to have a group of people pulling folders and making photo copies. Took a lot of time and document folders were sometimes put back in the wrong location.
User update access to the Access database is not the problem. The problem is update access to the folder were the scanned documents are kept. If somebody accidently renames or deletes a file we'll have problems, so all users have read-only access. I want the VB program to be able to add new documents to the folder after it's verified the user input.
Darrell Spice, Jr.
[link|http://home.houston.rr.com/spiceware/|SpiceWare] - We don't do Windows, it's too much of a chore
|
Post #22,889
1/2/02 6:24:37 PM
|
Can you run the program as a different user?
Using that SU command like Unix does, I think that Windows should have something like that for NT or 2000? I never investigated it, but heard about it.
Another thing you could do is have a server app program run every five minutes on the server and copy the files to an incoming directory and add an entry in the server database for the path and server name to copy to. The server program will have write access to that path even if the user does not. Sort of like a batch processing job. Every five minutes it will copy the data from the incoming directory to the real directory.
"In order to completely solve a problem, you must make sure that the root of the problem is completely removed! If you leave the root, the problem will come back later to get you." - Norman King
|
Post #22,987
1/3/02 2:26:56 PM
|
That's what I'm trying to find out
however, I suspect that since Windows Security is an oxymoron that such a feature doesn't exist.
I'll probably end up doing your latter suggestion, was just hoping to find a "program security" way to do it as the code is a bit cleaner that way.
Darrell Spice, Jr.
[link|http://home.houston.rr.com/spiceware/|SpiceWare] - We don't do Windows, it's too much of a chore
|
Post #22,989
1/3/02 2:30:11 PM
|
Since NT copied Unix networking
I think they should have an "SU" command.
"In order to completely solve a problem, you must make sure that the root of the problem is completely removed! If you leave the root, the problem will come back later to get you." - Norman King
|
Post #23,023
1/3/02 4:49:11 PM
|
Re: Since NT copied Unix networking
W2K has Run as...
which is like SU
If the program was a desktop icon you could shift-rightclick and get a menu with Run as... among the options
you could enter another username password domain and run the program as that user
Of course once the user has the password....
A
Play I Some Music w/ Papa Andy
Saturday 8 PM - 11 PM ET
All Night Rewind 11 PM - 5 PM
Reggae, African and Caribbean Music
[link|http://wxxe.org|http://wxxe.org]
|
Post #23,024
1/3/02 4:54:04 PM
|
Oh sooo close
I'll have to let the PC guy know about this trick - I'm sure it'll help him out!
Darrell Spice, Jr.
[link|http://home.houston.rr.com/spiceware/|SpiceWare] - We don't do Windows, it's too much of a chore
|
Post #23,025
1/3/02 4:54:27 PM
|
Re: Since NT copied Unix networking
What has UNIX networking to do with "su"?
I just don't see the connection.
Peter
Shill For Hire
[link|http://www.kuro5hin.org|There is no K5 Cabal]
|
Post #23,175
1/4/02 6:43:15 PM
|
NTFS security sorta handles this
You have to do this with NTFS permissions, not share permissions because share permissions aren't granular enough. (I almost always have the trivial access control list of Everyone:Full Control for share permissions). Grant Write, Read and Execute, and List on the directory. This allows the addition of new files, but not their deletion.
There are 2 wrinkles:
1. Users can modify these created files, but you said "...renames or deletes..."--would modifying the file also be a problem? If so, then I suspect that this can still be solved on 2k/XP with inheritable permissions but I don't know for sure.
2. The owner of a file has an irrevokable Change Permissions right. Therefore, whoever creates a file can set whatever permissions they want.
RunAs is a possiblilty, but there is nothing like suid root. I haven't tried invoking a shell from VB using runas--I think I see an experiment this afternoon.
FAQ! We're scrod!
|
Post #23,467
1/8/02 8:28:23 AM
|
If it's Windows NT (or 2000 or XP) you're talking about...
...then you can make your program (or a separate little file-copier program that your main program calls) run as a system service.
I could find you links, or ready-made components, to do this -- in Delphi... Dunno if VB can create services at all, though.
HTH.
Christian R. Conrad
The Man Who Knows Fucking Everything
|
