Re: VB 6, SQL Server 2000, xp_cmdshell

From: hundredhouses (hundredhouses_at_yahoo.com)
Date: 09/28/04

• Next message: Steve: "Rebuild .LDF File"
• Previous message: Nigel Rivett: "Re: SQL Injection Prevention"
• In reply to: Peter The Spate: "Re: VB 6, SQL Server 2000, xp_cmdshell"
• Next in thread: Tibor Karaszi: "Re: VB 6, SQL Server 2000, xp_cmdshell"
• Reply: Tibor Karaszi: "Re: VB 6, SQL Server 2000, xp_cmdshell"
• Messages sorted by: [ date ] [ thread ]

Date: 28 Sep 2004 08:13:25 -0700

First of all thank you Tibor, thank you Peter.
Second thing: it seems that I know less than I thought about
users/logins/accounts and I feel like complete idiot. It's very
embarrassing but it's better to ask and get some answers (and feel
like idiot once), than to keep my mouth shut and feel like I feel at
the moment, many times after.

> >> When the xp_cmdshell runs, it runs using the NT User ID
> >> used in starting the SQL Server, so it doesn't matter
> >> which log in you use
> >
> >Unless the login who executes xp_cmdshell isn't sysadmin.
> If the login isn't sysadmin, then the
> >proxy account is used. The proxy account is defined in
> EM, right-click SQL Server Agent.
> >

Server role of that login is system administrator. It means it's
sysadmin, right?

> >> When the xp_cmdshell runs, it runs using the NT User ID
> >> used in starting the SQL Server, so it doesn't matter
> >> which log in you use (except of course for rights to
> >> executing the xp_cmdshell).
> >>
> >> I would look at what user id is been used to start the
> >> service, then ensure that that id has access rights to
> the
> >> directory your trying to access. Remember that Server
> >> directories have there own access rights independant of
> >> SQL.
> >>

I've found that user who starts the service didn't have permissions to
select/insert/update/delete some tables in a database and it was
supposed to. I don't know how important it is but I gave those
permissions and it still doesn't work. The same was with the stored
procedure I made.

Tell me something guys. I've realized that user who starts the service
is important one. Is this always or just when I use xp_cmdshell? I
still don't realize why it has to have access rights to the directory
I'm trying to access(in my case my database, right? Not the web
page?).
Let me ask you this way. When I make a job and the owner of the job is
sa for example. Different user starts the service. When the job starts
it starts using user who is owner of the job or the one who starts the
services or that depends of the fact if xp_cmdshell is involved or
not?

You wrote :Remember that Server directories have there own access
rights independant of SQL.

Can you please explaine this sentence.

Thank's one more time to both of you.

Marko

• Next message: Steve: "Rebuild .LDF File"
• Previous message: Nigel Rivett: "Re: SQL Injection Prevention"
• In reply to: Peter The Spate: "Re: VB 6, SQL Server 2000, xp_cmdshell"
• Next in thread: Tibor Karaszi: "Re: VB 6, SQL Server 2000, xp_cmdshell"
• Reply: Tibor Karaszi: "Re: VB 6, SQL Server 2000, xp_cmdshell"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint