Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1159
  • Last Modified:

Give write permission to the IUSR on web.config only

Hi, is it possible to give write permission to the IUSR on web.config file only(not all application folder and files.) ,only web.config. , I tried it on my Vista machine but it did not work unless I give the write permission to the entire directory. What about Windows servers, are they the same?
0
Abdu_Allah
Asked:
Abdu_Allah
  • 6
  • 3
1 Solution
 
abelCommented:
to give write permission to web.config (a dangerous thing to do, but understandable if, for instance, you want to change it on-the-fly, I had the same...) you must make sure to remove the "Include inheritable permissions from this object's parent". Otherwise, it will not work unless you change the rights of the whole directory.
0
 
abelCommented:
Or, on win2k3: "Allow inheritable permissions from the parent to propagate to this object and all child object. Include these with entries explicitly defined here".

Also check the "Effective permissions" tab. It will give you insight whether your online user (IUSR) has access.

Finally, it might not be the IUSR, but the ASPNET user you need to grant access for.
0
 
Abdu_AllahAuthor Commented:
I'm not sure if I get your point so could you please repeat step by step how can I give write permission to web.config. file only?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
abelCommented:
Ok, here you go, assuming Vista, but the process is similar on other OS's of MS.
  • Go to the directory on the destination server where the file web.config is located.
  • Rightclick the file and select Properties
  • Click the tab with Security
  • Click Advanced
  • Here you will probably see a list of persmissions (permission entries) and there's a column with "Inherited from".
  • Below, you see a (probably greyed out) checkbox "Include inheritable permissions from this object's parent". That needs to be unchecked. To do so:
  • Click the Edit button
  • Uncheck the "Include inheritable permissions from this object's parent"
  • On the popup box, asking to keep or remove the permissions, click "Remove" (or Copy, if you want to keep the permissions, but my guess is, you want them out)
  • After you are done, the list will be quite empty (depending on the original state, of course), as all inherited permissions are now gone.
  • Now you can Add (button) any permissions you want. I suggest doing so for IUSR and ASPNET.
  • Don't forget to reinstate the rights for SYSTEM (full control) and probably Administrators group.
  • Click OK > OK > OK (these layered popups always ruin my good humor, hope MS does something about it one day).
Now, to test it, you may want to check Effective Permissions. That is again in the Advanced dialog box, the right-most tab.

For the final test, run your code that "touches" the web.config and see what happens. Check the error for whether it is really Access Denied or something else.

An alternative approach and much safer would be to use the credentials of a third user (one with specific rights for only this and similar tasks) and put these credentials somewhere in another config file (unreachable / unbrowsable from the net). Then, when you access this web.config file, use these credentials for changing it. That way, you do not have the problem of messing with the IUSR credentials and giving him writing access to a file you really should not give writing access to.

HTH,
-- Abel --
0
 
abelCommented:
Mmm, the extra vertical whitespace in the list is from the crappy formatter of EE, not from me... Sorry 'bout that.
0
 
Abdu_AllahAuthor Commented:
abel I did exactly what you suggested but still cannot write to the file untill I give the write permission to the entire parent directory!!
0
 
abelCommented:
I'm sorry it didn't work out so far yet. Maybe I missed a step. I will setup a clean test environment and see if I can repeat the steps there to find the gap in the procedure.
0
 
Abdu_AllahAuthor Commented:
Ok thanks.
0
 
abelCommented:
Did it work in the end? Sorry that I haven't checked back earlier, I had my environment set up, but forgot about coming back here....
0

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now