0
I am trying to run a PHP-CGI in a low-privilege Virtual Account (Win10 Pro).
How is this (See screenshot #1) possible?
I am running a PHP-CGI service, under a (Virtual) Account NT Service\PHP. The effective permissions of that user in C:\ are all forbidden. However, when running the MKDIR command in a PHP shell-script (that is being ran via PHP-CGI.exe by the NT Service\PHP user) I can create a directory in C:\ .... Is this a ridiculous security/permissions flaw or what am I missing here?
Running "whoami" in the PHP-Shell gives: nt service\php
Bonus sidequestion: How can I create a Group of Virtual Accounts (service accounts), to easily set filesystem-permissions for multiple services at once?
I see, the PHP user is part of Authorized Users group. – Vinzentz – 2019-07-22T05:57:54.443