尝试使用 xp_cmdshell 移动文件时访问被拒绝
我正在尝试使用一些 T-SQL 将一些文件从一个目录移动到另一个目录。 我使用 xp_cmdshell 调用移动命令 就像这样:
create table #output(line varchar(2000) null)
insert into #output exec master..xp_cmdshell 'move /y "D:\files\*.txt" "D:\oldfiles"'
但是文件 inst move 和 #output 表包含 move 命令的输出
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
0 file(s) moved.
NULL
sql server 代理帐户映射到本地管理员 如果我打开命令提示符并输入 move 命令
move /y "D:\files\*.txt" "D:\oldfiles"
文件将被完美移动
这一切都发生在 w2k3 服务器上运行的 sql2005 上。
我以本地管理员身份登录服务器
Im trying to use some T-SQL to move some files from one directory to another.
Im using xp_cmdshell to call the move command
Just like this:
create table #output(line varchar(2000) null)
insert into #output exec master..xp_cmdshell 'move /y "D:\files\*.txt" "D:\oldfiles"'
But the files inst move and the #output table contains this output from the move command
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
0 file(s) moved.
NULL
The sql server proxy account is mapped to the local administrator
If i open a command prompt at enter the move command
move /y "D:\files\*.txt" "D:\oldfiles"
The files are moved perfectly
Its all happening on a sql2005 running on a w2k3 server.
Im logged into the server as local administrator
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
你能运行“我是谁?” 命令,像这样:
并告诉它返回什么?
编辑:
根据OP的注释,命令作为
NETWORK SERVICE
运行。 在有问题的目录上允许NETWORK SERVICE
解决了问题。“修改”权限足以更改文件。
如果文件位于网络共享而不是本地驱动器上,请确保在共享本身上也设置了足够的权限。 文件权限在共享权限之后进行检查,因此如果文件允许“修改”,但共享只允许“读取”,则整体权限仍为“读取”。
Can you run a "who am I?" command, like this:
and tell what this returns?
EDIT:
By the OP's comment, the commands are run as
NETWORK SERVICE
. AllowingNETWORK SERVICE
on the directory in question solved the problem."Modify" permissions are sufficient for file changes.
If the file is on a network share instead of a local drive, make sure that the sufficient permissions are set on the share itself as well. File permissions are checked after share permissions, so if the file allows "Modify", but the share only allows "Read", the overall permissions will still be "Read".
如上所述,它错过了许可。 另一种简单的方法是如果可能的话通过 xp_cmdshell 创建文件夹。 如果是根目录则不能应用。
它确保文件夹具有适当的权限。
As mentioned above, it missed the permission. Another simple approach is just create the folder by xp_cmdshell if possible. If it is root directory, this cannot be applied.
It ensure the folder has proper rights.