I have written a generation server in Tcl which runs as a windows service. When invoked, the generation server starts a new master process (sort of make), which will manage the generation by starting subprocesses:
server -> master -> program 1
-> program 2 ...
I want to limit write access of all processes below master to a single output directory only, while being able to read other sibling directories.
The solution I have in mind is to change the user of master process to a limited one (is it impersonation?), and let server create output directory and change owner and write attributes before and after the generation.
Is it possible with twapi? Or is there a better alternative?
Aucun commentaire:
Enregistrer un commentaire