One can also tell the IIS - provided one uses ISS - to let certain script run as certain users when accessed with IIS. (This is probably wiser than giving away the executing rights on individual executables - as I seen been suggested previously - since the control on What&When will be much higher this way.)
I do like that much better than what I've whipped out... however, I don't use IIS :-/ Solution #1 below would really only be useful to me if I could get PHP to do it all within a user-defined function. Now I am no IIS guru, but I'd be willing to bet that it works something like Solution #2 below (but perhaps they use the actual script name in the RUNAS call instead of the executable?).
Specifically, does anyone here know exactly how Windows determines permissions for PHP (e.g. does it check PHP executable permission, then script's permissions, etc.?)
-----Original Message----- From: Jason Barnett To: php-windows@xxxxxxxxxxxxx Sent: 2004-04-29 19:03 Subject: Running PHP as another user
It seems that several people have run into a problem where PHP did not have permission to access certain folders / files in Windows. I have two solutions that I have tried on WinXP, if others could verify if this
works on other Windows platforms this would be helpful.
Solution #1:
Use the function CACLS to grant PHP's user access to the file / folder and then return permissions to normal when finished. To do this manually use
1. Start -> Run -> cmd
2. "CACLS somefile.ext /E /G youruser:F "
3. "c:\php5\php.exe -f yourphpfile.php"
3. "CACLS somefile.ext /E /D youruser"
Since this is a shell command, I thought we could also do this from a php script. Unfortunately, I couldn't get it to work? Here's what I tried for those that want to give it a shot:
function switchUserExec($absfile, $user = null, $permission = 'F', $php = 'C:/php5/php.exe') {
$absfile = escapeshellarg($absfile);
$user = escapeshellarg($user);
$permission = escapeshellarg($permission);
$php_cli = escapeshellarg($php_cli);
$com = getenv('ComSpec').' /C ';
exec("$com CACLS $absfile /E /G $user:$permission"); exec("$com $php -f $absfile", $result); exec("$com CACLS $absfile /E /D $user");
return $result; }
Solution #2 (suphp.bat):
@ECHO OFF
REM This is an example batch file for Windows systems running php.
REM It should enable you to run PHP from the command line as any user REM you specify. The main reason I made this was to temporarily give PHP PHP permission to access files of a specific user. Change these REM lines to match the user and path info for your system
SET "PHP=C:\php5\php-win.exe" SET "USER=someuser" SET "PHP_FILE=C:\path\to\somescript.php"
REM You *can* add the switch /savecred to save the password REM and avoid retyping each time, not sure how secure this is? RUNAS /user:%USER% "%PHP% -f %PHP_FILE%" @ECHO ON
-- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
