Windows security problem with IIS

Discussion in 'Site & Server Administration' started by JesterMagic, Mar 2, 2007.

0
  1. #1
    I'm not a windows security expert, so I'm hoping I can get some help here :)

    I have a test server running windows 2003 server (latest updates), php5 (using isapi) and IIS 6.

    I copied over a php cms and ran the install script. It is telling me that all the Directory and File Permissions it checks are writable. The thing is I have not setup the security for these directories yet. I have not added the iis user to any groups or changed anything from the default install of windows 2003. How can these directories be writable?

    I went through the install anyways thinking that maybe the install script was reporting it wrong, it wasn't. It was able to create the configration file fine and it had given the iis user full control over the file. I double checked the website directory and it does not have iis listed in the security tab and the iis user does not belong to any groups except guest.

    In the advance Section of the security tab for the config file of the cms it said that the iis user inherited it's security from c:\. I checked c:\ and all directories down to configuration.php and the iis user is not listed in the security tab so I am not sure how it is inheriting anything.

    Does anyone know what is going on here?
     
    JesterMagic, Mar 2, 2007 IP
  2. JesterMagic

    JesterMagic Peon

    Messages:
    179
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Problem Update -

    I have figured out that only new files can be created. existing files can't be modified.

    Looking further into this I also realized that when installing the server I never gave IIS user read permissions on any of the web site files. How can iis read my web site files? Is it setup autmatically when IIS is installed (I assumed)? If so I don't see the iis user on the directory security.
     
    JesterMagic, Mar 2, 2007 IP
  3. tanfwc

    tanfwc Peon

    Messages:
    579
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    0
    #3
    since you have put the files in wwwroot folder, right click on the main folder of the script and go to Security->Advanced. See the two checkbox below? check the first one and second. Click apply and try again :D
     
    tanfwc, Mar 2, 2007 IP
  4. JesterMagic

    JesterMagic Peon

    Messages:
    179
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Actually I put my websites direcotries under inetput and I see now that the wwwroot has some extra deny permissions!
     
    JesterMagic, Mar 3, 2007 IP
  5. ecom-solution.net

    ecom-solution.net Banned

    Messages:
    100
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    0
    #5
    give read and execute permission to IIS user only and restrict others excluding administrator and system.
     
    ecom-solution.net, Mar 5, 2007 IP