I've installed phpwcms a ton of times on Linux / cPanel servers, but I recently had a client who required that it be installed on IIS. After the admin got php and mySQL installed and working, I was able to get through the installation procedure, although it seems that setup.conf.inc.php couldn't have the temporary values written to it.
I now have the system fully installed and have verified that everything works on the front-end and back-end ... except for the writing of files. For instance, I can't save changes to frontend.css when edited through ADMIN and trying to upload files through FILES gives the standard message "Error while writing file to storage (1)".
Obviously, the issue relates to file permissions. The server admin tells me that files have read/write permissions. As I said, I'm new to running phpwcms on Windows, so I'm not sure what to tell the server admin to do to fix this issue with permissions. From what I understand, Windows permissions is an all or nothing thing.
So, my question is this: What do I tell the server admin to change to allow write permission and how would he make this change? Thanks for your help.
IIS file permissions issue
IIS file permissions issue
Last edited by Ben on Mon 13. Feb 2006, 15:58, edited 1 time in total.
I'm sure you will be fine to just contact him and describe your problems with writing files.
ROUGH description of Assigning Permissions
Every action on a Windows IIS server is regulated by the Windows permissions system which are set by the Admin using typical Windows-syle right-clicks. They must first tell Windows what your "assigned" user account -or- the Internet Guest Account (IUSR_machinename) are permitted to do within the directory structure.
They do this by right-clicking on the file folder(s), opening the properties dialog box and switching to the Security tab. To make sure that your account has full permissions for this directory, he can add your user account to the list and click "Full Control". This would permit your code to access the PHP.EXE file, execute code, and allow the other operations necessary.
To set file permissions just short of "Full Control" the Admin can:
Right click each of the desired directories, select security and make the sure that user has the following permissions.
Modify
Read and Execute
List Folder Contents
Read
Write
ROUGH description of Assigning Permissions
Every action on a Windows IIS server is regulated by the Windows permissions system which are set by the Admin using typical Windows-syle right-clicks. They must first tell Windows what your "assigned" user account -or- the Internet Guest Account (IUSR_machinename) are permitted to do within the directory structure.
They do this by right-clicking on the file folder(s), opening the properties dialog box and switching to the Security tab. To make sure that your account has full permissions for this directory, he can add your user account to the list and click "Full Control". This would permit your code to access the PHP.EXE file, execute code, and allow the other operations necessary.
To set file permissions just short of "Full Control" the Admin can:
Right click each of the desired directories, select security and make the sure that user has the following permissions.
Modify
Read and Execute
List Folder Contents
Read
Write
The server admin wants to make sure that they are not opening themselves up to security vulnerabilities by loosing up file permissions. They asked me "Can you make phpwcms run as a user as they noted below?" Is this something that can be done?
The server admin fears that loosening file permissions will allow any web visitor to upload or modify files. I'm not sure if it works this way, but I can't say for sure.
Thanks for any help you can offer.
The server admin fears that loosening file permissions will allow any web visitor to upload or modify files. I'm not sure if it works this way, but I can't say for sure.
Thanks for any help you can offer.
Last edited by Ben on Mon 13. Feb 2006, 15:59, edited 1 time in total.
First of all... I know next to nothing about IIS & securityBen wrote:The server admin wants to make sure that they are not opening themselves up to security vulnerabilities by loosing up file permissions.
I believe that security of the server would face a pretty remote likelihood of compromise. That is the purpose of the Internet Guest Account within IIS. The website itself would be a different story
(as PHP and MySQL access by phpWCMS in it's current form has a limited user management scheme). So database, scripting and content would depend upon who can access phpWCMS.
I don't know what is meant by "as they noted below?"(from their email to you?).Ben wrote:They asked me "Can you make phpwcms run as a user as they noted below?"
I interpret my "characterization" as limiting those user(s) to ~only~ the directory structure that -you- specify to client (or admin) as "necessary". That would include those "required" by phpWCMS and any additionals that facilitate your aim for this project. I presume their security concerns would be mitigated by whom to and how access to phpWCMS is granted. It's obvious, to you, what a Content Management System is.. one or more folks accessing the script to control frontend content from the backend (later maybe frontend). If you will be doing a one-time creation and no further changes will be required, then username/password control can be reverted and controlled by Admin when you're done. If your work will be "ongoing" and "solo", it becomes incumbent upon you to control access and if others will follow in your footsteps or in collaboration, the user scheme would need to be clarified and agreed upon by client (Admin) and you.Ben wrote:Is this something that can be done? The server admin fears that loosing file permissions will allow any web visitor to upload or modify files. I told him that I don't think it works this way, but I can't say for sure.
Thanks for any help you can offer.
Sorry I couldn't answer more directly and specificly
