The Old Joel on Software Forum: Part 4 (of 5) - File I/O from NT Service application?

File I/O from NT Service application?

Hello!

I have a problem performing file I/O from my service application. I see no errors, when trying to create the file, it simply does not show up.

I have been unable to find information on if file I/O is even allowed from services. It seems to me that disallowing file I/O from services would be a good thing security wise.

Anybody here know if it's possible to do file i/o from services in NT/2K?

Thanks alot,

Patrik
Friday, March 26, 2004

1) It is possible, I've done it
2) If you're not using a full path, the file may not be created where you think (services run from windows\system32)
3) Check the event log for errors
4) Log, trap, trace - drop an event before the file creation, after the file creation (with the file's path), and on all exceptions and you wouldn't have to ask. :-)

Philo

Philo
Friday, March 26, 2004

It also matters whether the service is logged in as a named user. Non-named services have more limited directory permissions.

Christopher Wells
Friday, March 26, 2004

File I/O from Service definitelky works, standard Timers do not work , if your File I/O is performed on a Timer event, than it will not work, as standard timer events simply do not fire

Seemore
Friday, March 26, 2004

As Philo says, it's easily done. Just remember that you will be impersonating a non-intuitive account (e.g., "SERVICE") and that your ACL's may reflect that. Make sure you log in with administrative rights if you can't seem to find the file and the returned (non) error code indicated it succeeded.

dir at badblue com
Friday, March 26, 2004

.. and don't try to write to a network drive, since you don't see it from the SYSTEM account.
(You can however try to map it on your own, if you must).

Michael Moser
Saturday, March 27, 2004

If you are writing to a network drive then try and use UNC paths instead of mapped drives. Also I found that on some platforms I had to make a call to NetUseAdd first but not on others.

Tony Edgecombe
Monday, March 29, 2004

Thanks for the helpful pointers. Now my service works.
The "Allow service to interact with desktop" was unchecked and that is why it was broken.

Now everything works.

Thank you.

Patrik
Monday, March 29, 2004

"Allow service to interact with desktop" has nothing to with file I/O, and if you have it checked, you probably have a security bug.

See http://support.microsoft.com/default.aspx?scid=kb;en-us;327618&

Or look into the hoopla around "Shatter Attack", not too long ago.

Rob
Monday, March 29, 2004

Rob,

Thanks for pointing this out. Evil me withheld that the I/O in question was done from a DLL.

The DLL was LoadLibrary'ed from the service, and it used
SetWindowsHookEx() which requires the "Allow service to interact with desktop" checkbox :)

Patrik (da HaX0r?)
Monday, March 29, 2004