[Mongrel] Mongrel as Windows service with normal privileges

Ingmar Stieger ml at stiegerhs.de
Thu Jun 5 09:00:17 EDT 2008 

>
> The thing is that looking at the initial post:
>
> 6. Running the service with service user only in Users (or Power Users) group
>   ===> DOES NOT WORK
>
> This make me think that running as user is not working, but the thing
> is is not actually working under LocalSystem account, I'm correct?
>   

Sorry if that was not clear. It does work as service under LocalSystem 
but it does not work as service under user "web".

>> C:\>sc qc rails3
>> [SC] QueryServiceConfig SUCCESS
>>
>> SERVICE_NAME: rails3
>>       TYPE               : 10  WIN32_OWN_PROCESS
>>       START_TYPE         : 3   DEMAND_START
>>       ERROR_CONTROL      : 1   NORMAL
>>       BINARY_PATH_NAME   : "c:/ruby/bin/mongrel_service.exe" single -e
>> develop
>> ment -p 3000 -a 127.0.0.1 -l "log/mongrel.log" -P "log/mongrel.pid" -c
>> "C:/rails
>> /x" -t 0 -r "public" -n 1024
>>       LOAD_ORDER_GROUP   :
>>       TAG                : 0
>>       DISPLAY_NAME       : rails3
>>       DEPENDENCIES       :
>>       SERVICE_START_NAME : .\web
>
> SERVICE_START_NAME looks like web is the username used?
>   

Yes, "web" is the restricted user.

> I made a test application when this was shown the first time, can you
> please try with it and provide me the output.
>   
I've added a small INPUT "Press Enter.", s line at the end. This is the 
output:

runas /user:web proc_info.exe

*** CURRENT PROCESS ***
EnumProcessModules (PID, name): 3904      proc_info.exe
Module32First (PID, name): 3904           proc_info.exe
GetProcessImageFileName (PID, name): 3904 
\Device\HarddiskVolume5\Temp\proc_info
.exe

*** PARENT PROCESS ***
EnumProcessModules (PID, name): 244       Error with OpenProcess
GetLastError: 5Zugriff verweigert
<unknown>
Module32First (PID, name): 244            Error Creating Snap (SNAPMODULE)
GetLastError: 5Zugriff verweigert
<unknown>
GetProcessImageFileName (PID, name): 244  Error with OpenProcess
GetLastError: 5Zugriff verweigert
<unknown>
Press Enter.

Zugriff verweigert = Access denied.

I think this confirms my suspicion that the normal user "web" may not 
query the parent process. What do you think ?

Bye,
Ingmar



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/mongrel-users/attachments/20080605/f62afec4/attachment-0001.html>

More information about the Mongrel-users mailing list