IIS - Is this possible?

Asked By jim
02-May-08 05:28 PM
I have an application that uses PHP to write out a configuration file.  The
configuration is the first web page that pops up after the application is
copied to a valid IIS website directory.

The problem that I have is with permission to write the configuration file.
Is there a way to give permission to write files to the IIS website
directory to this application ONLY when run from the local PC....OR is there
a way to give write permission to only the admin running the application?

Thanks!
IIS Discussions
 
IIS
(1)
Database
(1)
MachineName
(1)
Windows
(1)
Joomla
(1)
Apache
(1)
Multiplexes
(1)
Directory
(1)
  Dave replied...
02-May-08 06:28 PM
give write permission only to the admin, which is as it should be anyway.
  jim replied...
02-May-08 06:56 PM
The machine admin does have write permissions, but this does not translate
to the php webpage getting those permissions.  The only way that I see to do
it by adjusting permissions is to give IUSR_MachineName write permissions.
But, this gives write permissions to all anonymous users.

The package that I am working with is joomla.  It has a php admin page that
runs at first run that takes things like database name, admin password, etc.
and should write them to a "configuration.php" file.  The problem is that
the anonymous users don't (and shouldn't) have write access to the folder
containing the configuration.php file which is in the root directory  of the
Joomla site.

How to I make it so that the only person with write access to this file via
the admin php page running on the localhost webserver is the actual admin
while keeping write access turned off for anonymous access to the site?

jim
  David Wang replied...
03-May-08 08:41 PM
o do

hat
c.
t
the
a
.
on
te



The only way to get what you want is if the PHP admin login page
performs a real Windows user logon such that your "administrator" can
logon as a real Windows administrator, at which point you can apply
the usual NTFS File ACL security of Windows.

If the PHP login is just a fake, custom authentication/authorization
against a user database which bypasses real Windows user logon, then
you cannot rely on NTFS File ACL security of Windows.

This is the usual problem with custom authentication no matter the OS/
platform. The Custom Authentication/Authorization scheme becomes a
Trusted Computing Base that multiplexes user access with its one,
single, powerful account. This is exactly what you are uncomfortable
with, but unfortunately, systems that do their own login and use
custom authentication/authorization force this exact issue, no matter
if it is *nix, Windows, Apache, IIS.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
Previous Discussion:  IIS
Create New Account
help
w3wp.exe error ( iis crash) IIS Hello, We are facing problems with the IIS. it is crashing randomly. In title its says as notification window w3wp.exe - Application error new log output IISState version 3.0 Wed Jan 07 12:41:14 2009 OS = Windows 2003 Server Executable: w3wp.exe PID = 4788 Note: Thread times are formatted as HH:MM:SS.ms * ** ** ** ** ** ** ** ** ** ** ** IIS has crashed. . . Beginning Analysis DLL (!FunctionName) that failed: ntdll!RtlAllocateHeap Thread ID: 5 System Thread 0.406 * ** ERROR: Symbol file could not be found. Defaulted to export symbols for C: \ WINDOWS \ system32 \ kernel32.dll - * ** ERROR: Symbol file could not be found. Defaulted to export symbols for c: \ windows \ system32 \ inetsrv \ IISUTIL.dll - * ** ERROR: Symbol file could not be found. Defaulted to export symbols for c: \ windows \ system32 \ inetsrv \ w3core.dll - * ** ERROR: Symbol file could not be found. Defaulted to export symbols
iis option missed in add and remove windows components IIS Hi, We want to install iis on windows server 2003.For this if we cliked add and remove windows components in this iisoption missed.Then I checked file c: \ WINDOWS \ inf \ sysoc.inf in this IIS is not hide.Then i tried from manage your server wizard from admin tools then
ASP access to Data on Remote devices IIS Good Morning Folks I have a LAN Among the several connections to it are the following four devices: A MAXSTOR network Storage Device A PC running Microsoft Windows 2000 Server 5.0.2195 (SP4) A PC running Microsoft Windows XP Professional 5.1.2600 (SP2) A PC running Microsoft Windows XP Professional 5.1.2600 (SP2) All of the PCs are running IIS The 'Public Internet' is connected via a Broadband connection from the LAN On the MAXSTOR files can be opened on all of the PCs by double clicking on them in Windows Explorer. = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = QUESTION ONE Can the access files on the MAXTOR be accessed from dotASP pages language how to do it ?? = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = By the way, I tried to create Virtual Folders using IIS Admin on the three PCs on the LAN, but it will not allow it for Remote' folders. I await your replies with interest Thank You in Advance Pete (Northolt UK) IIS ASP Discussions ADODB.Connection (1) Windows XP (1) Windows 2003 Server (1) Active Directory (1
Unable to install IIS 6 Metabase and IIS 6 Configuration Compatibi IIS Hi, I am running Windows Vista Home Premium with SP1. I have been trying to install the "IIS 6 Metabase and IIS 6 Configuration Compatibility" component without success. After selecting this component in the "Turn Windows Features on and off" window and then clicking OK, Windows spins for a couple of minutes and then informs me that "An error occurred and
restart IIS IIS Hello, Is this possible to have someone restart IIS without administrator right? and how? Thanks IIS Discussions Application Pool (1) IIS (1) LogSat (1) Windows (1) Plesk (1) Instabilities (1) E867F3446695 (1) Hasproblems (1) Only Administrators have permissions to restart IIS and other NT Services. However, it is possible for non-administrators to be delegated access to an Administrator account (and its permissions) and thus restart IIS There are various Control Panels for IIS (like Plesk) which do exactly that. One can