I am creating directories with xp_cmdshell but I can't delete them after because of the permission, I am not even allowed to see the owner of the folders. I have to enter in safe mode to be able of delete the folders. I am using SQL Server 2008.
Asked
Active
Viewed 847 times
2 Answers
1
I'm assuming it's an ACL problem.
A directory created with xp_cmdshell is owned by SQL Server (The service account) and its access rights are inherited from the parent.
If you have to modify the directory's content after its creation, you'll have to :
- Create your directory inside another one who already have good access rights.
- Or grant more rights after its creation (with
xp_cmdshellandicaclsto manipulate the ACLs)
Eg, change domain\group & d:\folder_path in the following snippet to whatever suits you to give a group (your users, admins, etc...) full control on a directory :
exec xp_cmdshell 'icacls "d:\folder_path" /grant "domain\group":(f)'
Edgard
- 71
- 3
1
Danger, Will Robinson, Danger!
This sounds like it might not be ideal from several angles - security, future-proofing, and scalability. Assuming none of those are priorities for your code, crack on with Edgard's answer.
Otherwise, I would question any design that has the DBMS (directly) write folders in the file system. I don't question that you have your reasons, it's just that there are some very big, but very non-obvious risks that won't bite you until later when you're already committed to the course. There may be less risky and more straightforward ways to do whatever you're doing.
Chris Wooddell
- 26
- 1
-
I am working with Paradox tables and I need to copy the content on a SQL table, the tables are locked by the lck files so I can't execute an openrowset and I thougth that I could make a copy from the tables and then execute the openrowset but then I realized that I can't remove a folder created by the SQL procedure. I will try to find another solution less risky. – jos3m Nov 17 '17 at 07:08