SQL: Access denied when trying to move files with xp_cmdshell

Note: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/564907/

Date: 2020-09-01 01:10:45  Source: igfitidea

Access denied when trying to move files with xp_cmdshell

sql sql-server-2005 tsql command-line windows-server-2003

Asked by CruelIO

I'm trying to use some T-SQL to move some files from one directory to another. I'm using xp_cmdshell to call the move command, just like this:

create table #output(line varchar(2000) null)
insert into #output exec master..xp_cmdshell 'move /y "D:\files\*.txt" "D:\oldfiles"'

But the files aren't moved and the #output table contains this output from the move command:

Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
        0 file(s) moved.
NULL

The SQL Server proxy account is mapped to the local administrator. If I open a command prompt and enter the move command

move /y "D:\files\*.txt" "D:\oldfiles"

the files are moved perfectly.

It's all happening on a sql2005 running on a w2k3 server.

I'm logged into the server as local administrator.

Answered by Tomalak

Can you run a "who am I?" command, like this:

exec master..xp_cmdshell 'whoami'

and tell what this returns?

EDIT:

  • By the OP's comment, the commands are run as NETWORK SERVICE. Allowing NETWORK SERVICE on the directory in question solved the problem.

  • "Modify" permissions are sufficient for file changes.

  • If the file is on a network share instead of a local drive, make sure that sufficient permissions are set on the share itself as well. File permissions are checked after share permissions, so if the file allows "Modify", but the share only allows "Read", the overall permissions will still be "Read".
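
The diagnosis from this answer as one read-only batch, added here as an example that is not part of the original thread: it reports which Windows account xp_cmdshell runs as and whether that account has an explicit ACE on the two directories from the question. It assumes xp_cmdshell is enabled, icacls.exe is available on the server (Windows Server 2003 SP2 or later) and the collation is case-insensitive; the temp table names are illustrative.

```sql
-- Added diagnostic, not from the original thread. It changes no ACLs.
SET NOCOUNT ON;

-- sysadmin callers run xp_cmdshell as the SQL Server service account;
-- other callers run as the ##xp_cmdshell_proxy_account## credential.
SELECT IS_SRVROLEMEMBER('sysadmin') AS caller_is_sysadmin,
       (SELECT credential_identity FROM sys.credentials
         WHERE name = '##xp_cmdshell_proxy_account##') AS proxy_identity;

-- Capture the account the shell really runs as (the answer's whoami check).
CREATE TABLE #who (line nvarchar(4000) NULL);
INSERT INTO #who EXEC master..xp_cmdshell 'whoami';

DECLARE @account nvarchar(256);
SELECT TOP 1 @account = LTRIM(RTRIM(line)) FROM #who WHERE line IS NOT NULL;

-- Dump the NTFS ACLs of the source and target directories from the question.
CREATE TABLE #acl (dir nvarchar(260) NULL, line nvarchar(4000) NULL);
INSERT INTO #acl (line) EXEC master..xp_cmdshell 'icacls "D:\files"';
UPDATE #acl SET dir = N'D:\files' WHERE dir IS NULL;
INSERT INTO #acl (line) EXEC master..xp_cmdshell 'icacls "D:\oldfiles"';
UPDATE #acl SET dir = N'D:\oldfiles' WHERE dir IS NULL;

-- icacls prints one ACE per line as ACCOUNT:(flags)(right); (M) = Modify, (F) = Full.
-- Only explicit ACEs for the account are matched. Access inherited through a
-- group (for example BUILTIN\Users) appears under the group name in the raw rows.
SELECT dir,
       @account AS xp_cmdshell_account,
       CASE WHEN MAX(CASE WHEN line LIKE N'%' + @account + N':%(M)%'
                            OR line LIKE N'%' + @account + N':%(F)%'
                          THEN 1 ELSE 0 END) = 1
                 THEN 'explicit Modify or Full control'
            WHEN MAX(CASE WHEN line LIKE N'%' + @account + N':%'
                          THEN 1 ELSE 0 END) = 1
                 THEN 'explicit ACE below Modify'
            ELSE 'no explicit ACE (review group ACEs in raw output)'
       END AS finding
FROM #acl
GROUP BY dir;

SELECT dir, line FROM #acl WHERE line IS NOT NULL;  -- raw ACLs for review

DROP TABLE #who;
DROP TABLE #acl;

-- Fix described in the answer, run from an administrator command prompt and
-- scoped to these two directories only:
--   icacls "D:\files"    /grant "NT AUTHORITY\NETWORK SERVICE":(OI)(CI)M
--   icacls "D:\oldfiles" /grant "NT AUTHORITY\NETWORK SERVICE":(OI)(CI)M
```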

Answered by user3841544

As mentioned above, it was missing the permission. Another simple approach is to just create the folder with xp_cmdshell if possible. If it is a root directory, this cannot be applied.

exec xp_cmdshell 'mkdir d:\files'
exec xp_cmdshell 'mkdir d:\oldfiles'

It ensures the folder has proper rights.