Re: xp_cmdshell default path (system32) problem

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Hi Thomas

Batch files can take parameters . You can query variables to extract paths and filenames etc Lookup HELP FOR at a command prompt and page through.

Justin's suggest will make the code more robust. Also be aware of spaces in names and cater for that.

The xp_cmdshell proxy account won't be used by sysadmins, so you should really code in a way that will cater for other default directories.

John


"Thomas Malia" <tommalia@xxxxxxxxxxxxxxxx> wrote in message news:uZ5BJLw4JHA.4184@xxxxxxxxxxxxxxxxxxxxxxx
Hum...
My process actually uses information for tables to determine which directories and files should actually be moved and deleted, so a static batch file wouldn't work. However, building a batch file in code and then xp_cmdshell to execute it might be a safer approach than executing the erase commands directly from xp_cmdshell.

I did a little more testing and I was a little confused. It turns out that it will NOT actually execute the delete if the patch I supply is not valid. So, that's not as bad as I thought.

It would still be REALLY, REALLY nice if there was some way I code basically make the whole WINNT directory and subdirectories OFF LIMITS for anything I do in xp_cmdshell. I'm guessing there must be some way to do this by using a proxy account for xp_cmdshell isn't there?

Currently my server is setup to run under the system service account rather than a domain account. Also, this will eventually need to be scheduled to run as a job. In that configuration, how would I go about configuring SQL Server as a whole on that machine so that xp_cmdshell would ALWAYS run as a specific Windows account? If I could do that then I could safe guard myself by locking down the access that user has.


"John Bell" <jbellnewsposts@xxxxxxxxxxx> wrote in message news:emNvp1v4JHA.1380@xxxxxxxxxxxxxxxxxxxxxxx

"Thomas Malia" <tommalia@xxxxxxxxxxxxxxxx> wrote in message news:eh9NDlv4JHA.1716@xxxxxxxxxxxxxxxxxxxxxxx
I'm trying to create some maintenance scripts that need to manage files in some directories. I want to purge files that are older than a given number of days. I'm use xp_cmdShell to execute "erase" command like commands to delete the files. The problem I'm concerned about is related to the fact that xp_cmdshell appears to use c:\WINNT\SYSTEM32 as it's default path.

I haven't executed the actual erase statements yet but rather have been running test where I just perform a DIR instead of a ERASE to confirm what WILL get deleted when I do it for real. The problem is, if the directory that I supply doesn't exist, then the command appears to opporate on the "default path". So for example if I do:

EXEC xp_cmdshell 'DIR c:\MyDir'

and "myDir" doesn't actually exist, then the xp_cmdShell is return the same result set as if I executed:

EXEC xp_cmdshell 'DIR c:\WINNT\SYSTEM32'

This is more than a little scary since if I have had actually run this command with ERASE instead of DIR then presumably it would have deleted all file from the C:\WINNT\SYSTEM32 directory.... BAD THING!

Now, I can be REALLY, REALLY careful when I write my scripts to make sure I use an existing directory. However, this doesn't protect me later when my script is running as a scheduled job and some unssuspecting sole happens to delete, rename or change the security settings on my directory and now the next time the job runs I crush SYSTEM32!

There's got to be a better way to handle this... isn't there!?!

PLEASE HELP!

Hi Thomas

The easiest solution would be to run a batch file specifying the full path to it.

Johm



.

Relevant Pages

  • Re: xp_cmdshell default path (system32) problem
    ... building a batch file in code and then ... it will NOT actually execute the delete if the patch I supply is not valid. ... I'm use xp_cmdShell to execute "erase" command like ...
    (microsoft.public.sqlserver.programming)
  • Re: Perfmon and batch file
    ... > event viewer and run command file. ... > but no execute the cmd file or execute it but not execute the ... You are probably making some assumptions in your batch file ... @echo off ...
    (microsoft.public.windows.server.general)
  • Re: SEPKILL /im SMC.EXE /f
    ... Subject: SEPKILL /im SMC.EXE /f ... Save the following as a batch file and execute it ... If done from a batch file the command is completed only when the process is stopped. ...
    (Bugtraq)
  • BatchFile/CmdScript to run Ad-aware, Spybot, AV s/w
    ... I would like a batch file or command script that would ... Execute Ad-aware, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: SEPKILL /im SMC.EXE /f
    ... Probably this bug exists on majorly all the software's but security software's like antivirus and firewall have to bucket it which is not what its for SEP. ... Save the following as a batch file and execute it ... If done from a batch file the command is completed only when the process is stopped. ...
    (Bugtraq)