
Is there a way to force files that are created through a network share, or in a given folder, to be owned by a specific user (i.e., is there a native Windows equivalent of Samba's force user)?

Rationale: I have a server that runs a number of SQL Server 2008 instances for our internal development environments. Each instance runs as its own service user, and each service user has a fixed quota - thus ensuring that if one SQL Server runs away with disk (for whatever reason), it won't keelhaul the server.

However some users need to be able to get backups on and off the server, so I have a number of file shares - one per instance - that point to the appropriate directory. As a result, files get created as the user copying the backup onto the disk, circumventing that instance's disk quota.

At the moment I'm working around it by forcing users to authenticate as the SQL Server service account. This isn't really ideal, but it's the best option I can find at the moment.

So ... is there a way to do this, or can anyone see any other solution that would achieve a similar effect?

Ta :-)

Shane Madden
Chris J

1 Answer


No. Most Microsoft services are using impersonation tokens for access to any resources - it is an intrinsic part of the Windows security / single-sign-on concept. If you are familiar with Samba, you could work around this by mounting your share through a Linux machine and re-exporting it as a new share with the "force user" option set to your SQL server's service account. This way you would still retain domain integration and its single-sign-on features and get what you want.

Alternatively, you could implement your own service using the FileSystemWatcher .NET class and changing the owner upon creation of a new file. Most likely someone has already done something you can build on, but I am too lazy to search today, sorry.

the-wabbit
  • That's what my googling found (or rather, not finding anything basically drew me that way). Just wasn't sure whether there was a not-very-well-documented function of NTFS somewhere. Using a Linux box as a proxy seems a bit of a hacky solution; mayhap going down writing a service may be the only solution. Ta though :-) – Chris J Dec 13 '11 at 14:49
  • The hacky solutions are the only ones left for people who refuse to code. Works out, though. – the-wabbit Dec 13 '11 at 15:52
  • I'm sure it does :-) However I'm not averse to coding, so I'll be looking at that route. – Chris J Dec 16 '11 at 15:58
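
The FileSystemWatcher approach suggested in the answer, as an added PowerShell example that is not part of the original thread. The folder, the account name and the use of icacls.exe to set the owner are assumptions; the periodic sweep is there because FileSystemWatcher can drop events under load.

```powershell
# Added example. Folder and account are placeholders, not values from the post.
$WatchPath = 'D:\Backups\Instance1'        # hypothetical folder behind the share
$NewOwner  = 'EXAMPLE\svc-sql-instance1'   # hypothetical SQL Server service account

function Set-ForcedOwner([string]$Path) {
    try {
        # Skip items that vanished or that the target account already owns.
        if (-not (Test-Path -LiteralPath $Path)) { return }
        if ((Get-Acl -LiteralPath $Path).Owner -eq $NewOwner) { return }
    } catch { }   # owner unreadable for now: fall through and try to set it

    # Giving ownership to another account needs the restore privilege,
    # so this script has to run elevated.
    & icacls.exe $Path /setowner $NewOwner /q 2>&1 | Out-Null
    if ($LASTEXITCODE -ne 0) {
        # Left for the next sweep (file may be locked or already deleted).
        Write-Warning "setowner failed for $Path (icacls exit $LASTEXITCODE)"
    }
}

function Invoke-Sweep {
    # Full pass: covers files that predate the watcher and any events it dropped.
    Get-ChildItem -LiteralPath $WatchPath -Recurse -Force |
        ForEach-Object { Set-ForcedOwner $_.FullName }
}

$watcher = New-Object System.IO.FileSystemWatcher $WatchPath
$watcher.IncludeSubdirectories = $true
$watcher.NotifyFilter = [System.IO.NotifyFilters]'FileName, DirectoryName'
$watcher.EnableRaisingEvents = $true
Register-ObjectEvent $watcher Created -SourceIdentifier 'ForceOwner.Created'
Register-ObjectEvent $watcher Error   -SourceIdentifier 'ForceOwner.Error'

Invoke-Sweep
while ($true) {
    # Wake on the next event, or after five minutes for a periodic sweep.
    Wait-Event -Timeout 300 | Out-Null
    $pending = @(Get-Event)
    if ($pending.Count -eq 0) { Invoke-Sweep; continue }
    foreach ($evt in $pending) {
        if ($evt.SourceIdentifier -eq 'ForceOwner.Created') {
            Set-ForcedOwner $evt.SourceEventArgs.FullPath
        } else {
            Invoke-Sweep   # watcher reported an error, e.g. a buffer overflow
        }
        Remove-Event -EventIdentifier $evt.EventIdentifier
    }
}
```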