IIS unable to write to disk - iis-7

I have one server that works (that I originally remember took me a loooong time to figure out--dont remember solution). I copy the exact same permissions to the new server, and it does not work. 'Everyone' is given total permission.
I have given permissions to _IUSR, IIS_USR, and Everyone., yet I still have errors with PHP trying to write/modify files.
Whats up?

You didn't mention IIS version you are using and what's application you are trying to run on top of it - these would be helpful to get a proper answer.
Looking at account names you mentioned you are running IIS 7.x... If you are running app which requires some fancy permissions config on its folders and files just try to temporarily grant full access to Everyone and IUSR from the top of app folder (overwriting everything below it) just to verify that this is permissions problem indeed.

Related

can not change folder permission during installation

i know that people couldn't say that this is trivial, but i have search for days in internet and can not be able to do this.
i am using visual studio 2010 ultimate and have created my setup with setup and deployment of vs 2010.the problem is that i have an application folder which contains my database and which is deployed with my application. When i deploy it in administrator part of computer, all is correct, i devined that it is due to fullcontrol permission of administrator programfiles folder.But when i deploy it in another account, application don't has access to database for writting. i looked for the web site and understood that this is due to programfiles folder permission for others users.So i decide to do another research in order to give more rights to users for this folder.
I finally understood that i can achieve this with authoring tools like robocopy by using custom action or with a command line by just correctly write my custom action. After more researchs, i understood that i can do it with a command line which use robocopy and give folder permission during installation for this custom action or only with custom action.
for custom action, i tried many links, but the best link that i obtained was (How to give Read/Write permissions to a Folder during installation using .NET) without success (i change /folder="[CommonAppDataFolder][ProductName] with /folder="[CommonAppDataFolder][Manufacturer][ProductName] in customactiondata" due to the fact that product name is in my manufacturer folder").i don't understand why this code don't change folder permissions during installing and don't know how i can use robocopy or icalcs in custom action to change folder permissions during installation. my setup and others requirements have been packaged with dotnetInstaller, i dont know if i can be able to continue use it.
please, i greatly need your help to be able to do this
i have solved the problem. After many trying, i understood that i was giving permission to the wrong folder because my documents and database were contained in programfile folder. after understand this, i only change the place to set permission by :/folder="[ProgramFilesFolder][Manufacturer][ProductName]" and permission have been setted.

How can I mklink to a file share so that a web can save uploaded files to it?

How can I mklink to a file share so that a web can save uploaded files to it?
My web and file servers are both apart of a workgroup. I don’t care about security and do not want a domain solution.
Originally, I had AWeb with subfolder: Work folder and it’s subfolders with modified permissions for IIS_IUSRS and my AppPool Indentity set as NetworkService... and it works great.
Now, I want to replace the Files folder with a symbolic link to a file share.
C:\inetpub\wwwroot\AWeb\Work\Files
From elevated prompt:
mklink /d “C:\inetpub\wwwroot\AWeb\Work\Files” “\\FileServer\Files”
C:\inetpub\wwwroot\AWeb\Work\Files
This works under my account, but not for NetworkService account. How can I get this to work? I’ve tried some of the solutions in forums like elevating the prompt to administrator then to system using psexec.exe but still no go.
How can I log or check what’s really happening when I get the error that access is denied?
How can could I set the file share access for an account like NetworkService when I have no idea what the password is?
Looks like the best way is to setup iSCSI target and initialator. But would still like to try without.

WordPress hosted on Azure won't allow media file uploads due to bad temp folder

After recent upgrade to latest WordPress version, media uploads no longer work. They return missing temp folder error.
I found out that WP thinks that /wwwroot/wp-admin/ is the temp folder, that's where it is trying to send uploads.
I tried everything to force it to change within WordPress. Setting WP_TEMP_DIR, even tried rewriting core function that looks for temp folder in /wp-includes/text/Diff.php and setting static path.
Nothing works. I don't really know much about Azure, so it's been a pain in the butt.
My last resort is to install and use Azure Storage plugin for WP, but that's last resort.
Anyone can shed some light on this issue? Would greatly appreciate it.
UPDATE: Site is a Azure website, it does not use Azure instance.
http://www.windowsazure.com/en-us/home/features/web-sites/
I'm not to sure about Azure but you can change the tmp directory WordPress uses by using the command below. Make sure to make a folder in your home directory before doing so.
wp-config
define('WP_TEMP_DIR','/link-to-your-folder-you-just-made');
First of all, you should never store anything on an Azure instance, consider it volalite storage just like RAM - if the instance goes down or even gets randomly restarted you could literally get a brand new virtual machine with a new file system and lose everything.
That being said, you can safely RDP into the instance - create a directory (c:\temp for example) and as long as the IIS account has rights over the directory you won't have any issues using it as scratch storage. I would use Andy's approach above (I don't know wordpress, but I know Azure) and simply make sure that it points to a directory that you can use as temp and that the IIS user can safely use.
You may want to log in to the VM with RDP if only for the additional reason that it will give you great insight in how Azure structures the file system for the software it runs, you will see 3 drives and if memory serves one of them is purely a scratch drive that you can use. But it's not persistent, consider that it can get cleared at any moment.
Hope this helps,

Access denied when writing to a file. Why?

I've developed an ASP.NET v4 web app which I am trying to get to write to a folder in the webroot.
For the life of me I cannot get Windows 7 to allow it to write a file, I get Access is Denied error each time.
What I have tried on the folder is
attrib -r /foldernameandpath
attrib -r -s /foldernameandpath
Removing Check from ReadOnly attribute in folder properties
Changed owner to folder to current user whom is also the admin
Changed owner to Everyone
Adding Everyone user to folder with all permissions
Changing the folder to the Public Document directory
Changing to the root of the C drive (Out of desperation)
Nothing seems to work and all I want to do is test that the write works.
Now I know the system works and writes fine cause I had this same web app on a second machine writing the PDFs to the C drive without issue. This second machine I just cannot get it to allow the write.
Oh please for the love of all things holy, put the keyboard and mouse down and stop what you are doing. Some of the actions in your list seriously frightens me.
All the things you list as your actions are most likely useless or desperately random at best.
As a web developer, you shouldn't have to start messing around changing ownership of folders, especially not the web root folder normally used by the web server. When you do, you'll end up in a dark, cold and lonely place. Lord only knows what other desperate measures you have taken. For your own sake, I'll recommend you to do a system restore or even system reinstall to make sure you are in a healthy state.
Let's go back one step and try to sort out what you are doing.
First: what is the path you are trying to write to?
Second: are you running this application directly from within Visual Studio or in IIs?
If you are doing the first option then your current user account is the account who tries to write to the path in question. Do you have write permissions there?
One thing you can try is to start Visual Studio with elevated permissions and see if that works.
If you are running in IIs, it the associated pool account that needs write permissions.
Are you doing impersonation by any chance? If so, make sure the impersonated account have proper permissions.
You should only write to a predefined folder within your app path, like ..\App_Data for example.
The easiest way to find out which account you are running with and determine what path you are trying to write to, is to fire up SysIntenals process monitor and find the entry with the access denied result. Select properties for that entry and find out which account tried to do the write action. When you have determined that, right click on the folder in question and give the proper account write permissions.

Where should I put my log file for an asp.net application?

I have a ASP.NET application that we've written our own logging module for.
My question is, where is the standard place to write a log file to? I.e. the website will be running as the anonymous user identity (e.g. IUSR on IIS7) and I need a place where I know it'll have permission to write to.
Cheers,
App_Data folder on the root of the project. It isn't served to web requests; so other people can't snoop for it.
I would suggest putting the log file onto a seperate disk, though should give you a little performance gain so that your not trying to both read and write to the same disk as the website. If you cannot put the log file on a seperate disk, then I would simply choose a folder of your choice.
In any case, you will have to give the "Network Service" account "Modify" permissions to the desired folder.
If on the other hand, you have access to a databse, then log the information there. It will be much quicker than accessing the hard drive and won't be publically available. You'll also be able to report from the data quite easily.
I'm not in a position to modify the permissions on folders (especially outside of the virtual directory home folder), and don't already have an App_Data folder, so am a bit hesitant to go with that.
So for the moment I'm going with the CommonApplicationData Folder.
On Vista/Server 2008 this is C:\ProgramData\
On XP/Server 2003 this is C:\Documents and Settings\All Users\Application Data\
I'm not in a position to modify the permissions on folders (especially outside of the virtual directory home folder), and don't already have an App_Data folder, so am a bit hesitant to go with that.
If you have a website, you clearly have a folder somewhere. Can you not add a (non-web-facing) subfolder? It seems like that would be a more appropriate place to put your logs than dumping them into a global, shared folder.
You could also log to the Windows Event log or to a table in a database. How often are people looking at the event log? If it's being examined on a regualr basis, writing to a table amkes the reporting back much easier as it's trivial to reverse the order and only show the last X events for the current time period. The Windows Event log you can also query the Windows Event Log through PowerShell or with LogParser.
Push the app_data is the best idea, just bear in mind, when the publishing the projects, if the option "Delete all existing files before publishing" is ticked, then the current data in the folder will be gone. The workaround is to skip the deletion of app_data folder.
Another option to do logging is to use some existing framework such as Log4net.

Resources