Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

PHP on IIS FOPEN permission denied

Posted on 2010-01-08
12
Medium Priority
?
830 Views
Last Modified: 2013-12-13
I'm trying to either write or create a file, but I keep getting a permission denied error.

failed to open stream: Permission denied [file]

I did the following already:

In the php.ini file :
allow_url_fopen = on
allow_url_include = on
file_uploads = on

On the server:
IIS_IUSR has FULL CONTROL permission which allows:
traverse folder/execute file
list folder/read data
read attribute
read extended attributes
create files/write data
create folders/append data
write attributes
write extended attributes
delete subfolder and files
delete
read permissions
change permissions
take ownership

In my code I've tried:
$file = fopen( $GLOBAL_FILEPATH, 'wb' );
$file = fopen( $GLOBAL_FILEPATH, 'w' );
$file = fopen( $GLOBAL_FILEPATH, 'w+' );

I can read from the file, so that ensures that my directory path is correct.

No luck.  Any help would be greatly appreciated.
0
Comment
Question by:THPWebTeam
  • 6
  • 4
  • 2
12 Comments
 
LVL 13

Accepted Solution

by:
Springy555 earned 1000 total points
ID: 26211162
The identity that the application pool is running under will need permissions on the folder you are trying to create the file in.

This is most likely the NETWORK SERVICE account, but worth double checking by checking the application pool properties that your website is using.
0
 
LVL 31

Assisted Solution

by:James Murrell
James Murrell earned 1000 total points
ID: 26211299
- Open My Computer
- Tools > Folder Options
- Go to the View tab
- In the bottom of the list uncheck Use simple file sharing (Recommended)

Now you will have the security tab shown in the properties of every folder. Now, to give write access to PHP in order to fopen, copy or upload a file, follow this procedure:

- Right click on the folder where you want give write access
- Properties
- Go to the Security tab
- Select the Internet Guest Account ([username]/IUSR_[username])
- Allow the Write and Modify access. (You can give full permission)
- Then press Ok.
0
 

Author Comment

by:THPWebTeam
ID: 26211417
Already did that previously.  No luck.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:THPWebTeam
ID: 26211423
Sorry I mean, I already did what cs97jim3 suggested.  I will check on what springy555 suggested.  Thanks!
0
 

Author Comment

by:THPWebTeam
ID: 26211492
Double checked, already done.  Anything else?
0
 
LVL 13

Expert Comment

by:Springy555
ID: 26211516
Try giving permissions to IIS_WPG local security group as well
0
 

Author Comment

by:THPWebTeam
ID: 26211637
No such group on an IIS7 server. I gave 'everyone' full access.  And this worked!

'Everyone' is a system group that includes all accounts.

I hate to give everyone full access, is it possible to pinpoint which account it is?
0
 
LVL 13

Expert Comment

by:Springy555
ID: 26212429
If you remove the everyone account, check the security event log for any audit failures.

The IIS_WPG group equivalent in IS7 is IIS_IUSRS.  Maybe try adding that account as well.
0
 
LVL 31

Expert Comment

by:James Murrell
ID: 26212450
0
 

Author Comment

by:THPWebTeam
ID: 26212460
>>If you remove the everyone account, check the security event log for any audit failures.
What would an audit failure do?

Yes, in my OP, I mentioned that IIS_IUSRS was given full control allowing it do everything.
0
 
LVL 13

Expert Comment

by:Springy555
ID: 26212668
Any failed logon attempts should be caught by the security log.  You can then see which account failed, then give that account the correct permissions.
0
 

Author Closing Comment

by:THPWebTeam
ID: 31674604
Thanks to both for your contributions!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
This article discusses how to create an extensible mechanism for linked drop downs.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question