Re: Writing a trace log file - permission problem
- From: "Alexander Grigoriev" <alegr@xxxxxxxxxxxxx>
- Date: Fri, 29 Sep 2006 20:37:37 -0700
File opened with FILE_SHARE_WRITE and FILE_APPEND_DATA can be safely
truncated at any time by another process.
"JJ" <jjj@xxxxxxxxxx> wrote in message
news:uvfwtO$4GHA.1256@xxxxxxxxxxxxxxxxxxxxxxx
That would avoid losing data, but ideally I want to only open the file
when I need to write to it so it is not always open. If I keep it open,
the service would have to be stopped in order to truncate (delete) the
file. I would like to avoid that.
Here's a question (I could try this, but if anyone knows off hand it would
save time). Could I start a thread before any impersonation is done, then
send messages to that thread while I am impersonating, and have that
thread do the opens/writes/closes? That is, when I impersonate, does that
affect the entire process and all threads already started, or only the
current and subsequent threads?
"Alexander Grigoriev" <alegr@xxxxxxxxxxxxx> wrote in message
news:eDsOjC94GHA.3736@xxxxxxxxxxxxxxxxxxxxxxx
Open the file with:
SYNCHRONIZE | FILE_APPEND_DATA access mask, FILE_SHARE_READ sharing.
Keep it always open. The users will be able to read the file while the
service keeps writing to it. This will also prevent a rogue user from
opening the file without FILE_SHARE_WRITE. This will also prevent logging
failures if an user app happens to open the file for reading in exclusive
mode.
"JJ" <jj@xxxxxxxxxx> wrote in message
news:uEsfvG34GHA.3840@xxxxxxxxxxxxxxxxxxxxxxx
I'm looking for ideas on how I might handle this.
I have a program that runs as a service. Normally the service will run
in the System account or as a user with admin rights.
It writes a log file - a simple text file. It does this so a user or
support personel could get some information about what the service is
doing since it has no user interface. When it writes this file, for
every entry it opens the file, writes the data, then closes the file.
While inefficient, it avoids any issues with buffering and allows the
log file to be deleted at (just about) any time without having the file
locked due to the service holding it open.
At certain times, the service impersonates another user and this user
may not have admin rights. The problem is that the service must log
some data while impersonating this user, and since the log file was
created by an admin user, this impersonated user does not have rights to
open or write to the file.
While I could theoretically set the permissions on the file when it is
created so everyone had write permission on it, it is somewhat
attractive to allow only admins the right to change or delete the log
file.
What technique could I use to write to this file while the service is
impersonating a user who does not have access to it?
.
- References:
- Writing a trace log file - permission problem
- From: JJ
- Re: Writing a trace log file - permission problem
- From: Alexander Grigoriev
- Re: Writing a trace log file - permission problem
- From: JJ
- Writing a trace log file - permission problem
- Prev by Date: Re: Writing a trace log file - permission problem
- Next by Date: Re: GetThreadContext and debug register problem
- Previous by thread: Re: Writing a trace log file - permission problem
- Next by thread: Re: Writing a trace log file - permission problem
- Index(es):
Relevant Pages
|
