How can I edit files in c:/inetpub/wwwroot/testsite on vista/IIS7? - iis-7

I've got IIS7 installed and have a simple website at:
c:/inetpub/wwwroot/testsite
I can copy files into there, but I can't edit them:
I can open them but cannot save them back
the files themselves are not write-protected
the folder itself ("testsite") IS write protected, so I took the write-protection off (right-click, properties, uncheck read-only, continue as administrator, etc.) and it pretends to change it but then always sets it back to read-only
What is the modus operandi for editing web files on IIS7 on Vista?

You have a couple choices:
Replace the permissions on the entire folder.
Log on as administrator and do what you need to.

Note also that the c:/inetpub/wwwroot directory is UAC protected.

Related

Wordpress theme edit file permission issue

You need to make this file writable before you can save your changes. See Changing File Permissions for more information
Make sure you've the correct permissions to edit the files in your FTP or File manager in Cpanel. You don't have any permissions to edit the required files. Let me explain what the File permission is and how to enable it.
What are file permissions?
This is a method of administering access rights to certain files of your site. There are 3 types of permissions, read, write, and execute. Each of these types can be defined per a certain user group. These include owner permissions, group permissions, and public permissions. Some host’s security settings do not have the ideal WordPress permissions set by default, you’ll have to add this yourself. You don’t need to worry about all these technical details. All you need to remember is the number: 666.
Changing file permissions in FTP
This is probably the quickest way of changing the file permissions for all of your template files in one swift command. Open up your favorite FTP client, navigate to your template directory (with style.css, index.php, etc.) and select all .php and .css files. Do not select images or subdirectories.
You can press CTRL + A to select them all, and click while holding CTRL to deselect items like images. After selecting the File Attributes option from the menu, you can change all the permissions to 666. You’ll notice the group and public write permissions will automatically be checked off.
After pressing OK all the permissions to the files you selected should be changed to -rw-rw-rw-. You should now be able to edit them via the theme editor.
Changing permissions in cPanel
You can also do this in cPanel, although not in bulk (for the version of cPanel I’m using anyway). Open up the file manager, navigate to the template directory (similar to FTP) and click on the file you want to change permissions for.
Change each one to 666, as before. This could be useful if you don’t have access to an FTP client, or just want to selectively make files writable.
You may see different sources telling you to set everything to 777, which gives everybody full permissions. I wouldn’t recommend this. Although it would work, it may open up security holes on your site. The 666 permissions are just enough for the text files you’ll be editing.
I have fixed this with a command:
sudo chmod -R 777 "filepath"

Wrong permissions when uploading file on WORDPRESS (Windows server 2012)

I've recently moved my WP site from GoDaddy to a physical server using Windows Server 2012 R2.
But I'm having a problem uploading files using the Admin panel. After uploading the file, I can see it physically on the server (wp-content\upload\2017\10)
But I can't see it on the website itself.
I can only see the file if I change its permissions on the server itself.
I've changed the permissions to the folder, I gave full access to the relevant users. But still, it doesn't work for new files\pictures I'm uploading via the wp admin panel.
Edit:
I've noticed that every time I come to change the folder permissions, the permissions under CREATOR OWNER are always empty. Is it related?
Thank you very much for the help
When you upload a file, PHP sends the file to a temporary directory on your server's hard drive (usually C:\Windows\Temp) and then copies it over to the proper directory. Once the file is initially put in the temporary directory, it gets the permissions of that directory. The problem is when Windows moves that file to the proper place, it keeps the temporary directory’s permissions, which can cause access problems.
The way to fix this is to change the temporary directory to a folder within your WordPress installation, usually wp-content/upgrade.
To do this, follow these directions:
Find your php.ini file.
Find the upload_tmp_dir line, and change it to the wp-content/upgrade folder.
Browse to this folder and verify that the permissions are set properly.
You should then have the ability to properly view all your images. You'll most likely need to select all the previous selected images, and change the owner of the files to the web folder owner. Then you should be good to go!
If you can’t upload an image at all, it’s probably because you need to give the IUSR account Read/Write/Modify permission on your wp-content folder. This will allow you to upload, and do the WordPress & plugin updates.
Once you have done that, all you need to do is give the IIS_IUSRS group Read permissions on your “C:\Windows\Temp” folder.
Make sure to notice that the two permission changes you make are not for the same user/group. Give IUSR permissions on your wp-content folder and IIS_IUSRS permissions on your Windows temp folder.
Note: If you have edited your php.ini file and change the upload temp directory then you will need to give IIS_IUSRS group read permissions on that folder instead.
That should do it, or at least it worked for me.
http://chris.wastedhalo.com/2011/01/wordpress-upload-permissions-on-iis-7-fix/
I find myself coming back to this question time after time when images I add to the Media Gallery don't have the correct permissions in the WordPress Uploads folder. Since I develop WordPress sites locally, it would be a pain to set permission on the Uploads folder every time I work on a new site.
To fix this, I created a folder "C:\Websites\Temp" without messing around with permissions or security settings, etc. Then in MAMP, I edited the php.ini template of the PHP version I was using for this site, php7.3.0.ini (File, Edit Template, PHP). I then set upload_tmp_dir to "C:\Websites\Temp":
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
upload_tmp_dir = c:\websites\temp
and voila, no more permission issues.
Well, a few years later, found this post. Tried it. Failed.
Another solution is to assign a specific user to the site in IIS and apply the right permissions to the folder containing the site.

Removing IIS APPPOOL/MyPool from folder does not cancel file write permissions

I have an ASP.NET 2.0 application under IIS 8.5 in Classic mode where a page needs to write uploaded files to a folder outside the root of the app. When I first tried this I got something like
Access to the path 'D:\events\uploads\myfile.txt' is denied.
In the Security tab of D:\events I added "IIS AppPool/MyAppPool" and activated the Write permission. Everything worked fine then - as it should.
However, after removing the MyAppPool from D:\events again the same page was still able to write files under D:\events. Scary. A few experiments showed that the page can now write files everywhere except C:\ C:\Windows C:\Users and D:.
UPDATE: To check which user or group might give access to IIS/ASP.NET, I have created a folder C:\TestIISAccess, disabled permission inheritance and gradually removed users and groups. Well, there are none left now, I cannot even look inside the folder as admin. But my .aspx upload page reports it can still write files there. I have stopped & restarted IIS after all users were removed, makes no difference.
Can someone please explain this behaviour and tell me how to cancel the write permission?

ASP.NET Web.config question

The server is IIS7.
Is there a way to disable web.config files in subfolders?
I am asking because, I have a folder on the web server that is for uploads. When someone uploads files, a new folder is created for the user's session and the files they upload go in the folder.
So the path to uploads would be like this:
~/uploads/3F2504E0-4F89-11D3-9A0C-0305E82C3301/somefile.txt
In the ~/uploads/ directory there is a web.config file that removes all http handlers except the static file handler and adds a wildcard mime type. So every file that a user uploads will only ever be served statically.
If a user uploads a web.config file, I want to disallow any of the settings in that file from being applied.
How can I do this?
EDIT
Could I just make the upload folder an application that is a member of an application pool configured to run in Classic mode instead of Integrated Pipeline mode? That way it wouldn't even care about a web.config file.
EDIT 2
Is there another type of webserver I could install for serving all files statically? I could just access the files through a different port. Is there some software that I can be sure won't run any scripts and is safe?
I simply wouldn't allow them to upload a file with that name. In fact, I normally wouldn't trust any filename that the user gave me... makes a great candidate for an injection-style attack.
Ok I have a different angle on this...
What if your uploads folder was not part of the website and instead part of the file system? This way ASP.NET is not processing requests to the folder and thus web.config wouldn't be loaded by the ASP.NET runtime.
You'd have to give your app pool's account read/write access to the file system where these files are stored, but I think it better fits what you're trying to accomplish.
Obviously it could be done in code.
If the folders always exist, you could pre-populate with a web.config with no (significant) content and an ACL to ensure it cannot be overwritten, but looking at the path I suspect you create the upload folders dynamically, which means this would not work.
I don't believe there is a way to tell IIS not to use a web.config (but I could be wrong). Personally, I would add a check to my save code and rename the file.
Why not just check the filename first to prevent the user from uploading a file named web.config? You're probably going to want to check for other things too before allowing the upload - files that are too big, etc.
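The filename check and rename that several of the answers above suggest, written out as an added C# example (it is not code from any poster, and `UploadNameGuard`, `SafeStoredName` and `ResolveUploadPath` are hypothetical names). It assumes the upload folder lives on Windows/NTFS, where a name can change between what the client sent and what ends up on disk.

```csharp
using System;
using System.IO;

// Added example; UploadNameGuard and its members are hypothetical names.
public static class UploadNameGuard
{
    // Turn a client-supplied name into the name actually stored on disk.
    public static string SafeStoredName(string clientFileName)
    {
        if (string.IsNullOrEmpty(clientFileName))
            throw new ArgumentException("Empty file name.");

        // Some browsers send a full client path; keep only the last segment.
        int cut = clientFileName.LastIndexOfAny(new char[] { '/', '\\' });
        string name = clientFileName.Substring(cut + 1);

        // Windows drops trailing dots and spaces when it creates a file, so
        // "web.config." would be stored as "web.config". Normalize first.
        name = name.Trim().TrimEnd('.', ' ');

        // Reject ':' (NTFS stream syntax) and every other invalid character.
        if (name.Length == 0 || name.IndexOf(':') >= 0 ||
            name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw new ArgumentException("Invalid file name.");

        // Rename rather than store a file IIS would read as configuration.
        if (string.Equals(name, "web.config", StringComparison.OrdinalIgnoreCase))
            return "uploaded-" + name + ".txt";
        return name;
    }

    // Build the full path and confirm it stays inside the session folder.
    public static string ResolveUploadPath(string uploadRoot, Guid sessionId,
                                           string clientFileName)
    {
        string folder = Path.GetFullPath(
            Path.Combine(uploadRoot, sessionId.ToString("D")));
        string full = Path.GetFullPath(
            Path.Combine(folder, SafeStoredName(clientFileName)));

        string prefix = folder.TrimEnd(Path.DirectorySeparatorChar)
                        + Path.DirectorySeparatorChar;
        if (!full.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("Path escapes upload folder.");
        return full;
    }
}
```

Pass the path returned by `ResolveUploadPath` to the save call instead of the file name the client posted.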

Where should I put my log file for an asp.net application?

I have a ASP.NET application that we've written our own logging module for.
My question is, where is the standard place to write a log file to? I.e. the website will be running as the anonymous user identity (e.g. IUSR on IIS7) and I need a place where I know it'll have permission to write to.
Cheers,
App_Data folder on the root of the project. It isn't served to web requests; so other people can't snoop for it.
I would suggest putting the log file onto a separate disk, though; that should give you a little performance gain so that you're not trying to both read and write to the same disk as the website. If you cannot put the log file on a separate disk, then I would simply choose a folder of your choice.
In any case, you will have to give the "Network Service" account "Modify" permissions to the desired folder.
If, on the other hand, you have access to a database, then log the information there. It will be much quicker than accessing the hard drive and won't be publicly available. You'll also be able to report from the data quite easily.
I'm not in a position to modify the permissions on folders (especially outside of the virtual directory home folder), and don't already have an App_Data folder, so am a bit hesitant to go with that.
So for the moment I'm going with the CommonApplicationData Folder.
On Vista/Server 2008 this is C:\ProgramData\
On XP/Server 2003 this is C:\Documents and Settings\All Users\Application Data\
I'm not in a position to modify the permissions on folders (especially outside of the virtual directory home folder), and don't already have an App_Data folder, so am a bit hesitant to go with that.
If you have a website, you clearly have a folder somewhere. Can you not add a (non-web-facing) subfolder? It seems like that would be a more appropriate place to put your logs than dumping them into a global, shared folder.
You could also log to the Windows Event Log or to a table in a database. How often are people looking at the event log? If it's being examined on a regular basis, writing to a table makes the reporting back much easier as it's trivial to reverse the order and only show the last X events for the current time period. You can also query the Windows Event Log through PowerShell or with LogParser.
Pushing it to app_data is the best idea, just bear in mind, when publishing the project, if the option "Delete all existing files before publishing" is ticked, then the current data in the folder will be gone. The workaround is to skip the deletion of the app_data folder.
Another option to do logging is to use some existing framework such as Log4net.
