PHP on IIS FOPEN permission denied

I'm trying to either write or create a file, but I keep getting a permission denied error.

failed to open stream: Permission denied [file]

I did the following already:

In the php.ini file :
allow_url_fopen = on
allow_url_include = on
file_uploads = on

On the server:
IIS_IUSR has FULL CONTROL permission which allows:
traverse folder/execute file
list folder/read data
read attribute
read extended attributes
create files/write data
create folders/append data
write attributes
write extended attributes
delete subfolder and files
read permissions
change permissions
take ownership

In my code I've tried:
$file = fopen( $GLOBAL_FILEPATH, 'wb' );
$file = fopen( $GLOBAL_FILEPATH, 'w' );
$file = fopen( $GLOBAL_FILEPATH, 'w+' );

I can read from the file, so that ensures that my directory path is correct.

No luck.  Any help would be greatly appreciated.
Who is Participating?
The identity that the application pool is running under will need permissions on the folder you are trying to create the file in.

This is most likely the NETWORK SERVICE account, but worth double checking by checking the application pool properties that your website is using.
James MurrellProduct SpecialistCommented:
- Open My Computer
- Tools > Folder Options
- Go to the View tab
- In the bottom of the list uncheck Use simple file sharing (Recommended)

Now you will have the security tab shown in the properties of every folder. Now, to give write access to PHP in order to fopen, copy or upload a file, follow this procedure:

- Right click on the folder where you want give write access
- Properties
- Go to the Security tab
- Select the Internet Guest Account ([username]/IUSR_[username])
- Allow the Write and Modify access. (You can give full permission)
- Then press Ok.
THPWebTeamAuthor Commented:
Already did that previously.  No luck.
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

THPWebTeamAuthor Commented:
Sorry I mean, I already did what cs97jim3 suggested.  I will check on what springy555 suggested.  Thanks!
THPWebTeamAuthor Commented:
Double checked, already done.  Anything else?
Try giving permissions to IIS_WPG local security group as well
THPWebTeamAuthor Commented:
No such group on an IIS7 server. I gave 'everyone' full access.  And this worked!

'Everyone' is a system group that includes all accounts.

I hate to give everyone full access, is it possible to pinpoint which account it is?
If you remove the everyone account, check the security event log for any audit failures.

The IIS_WPG group equivalent in IS7 is IIS_IUSRS.  Maybe try adding that account as well.
James MurrellProduct SpecialistCommented:
THPWebTeamAuthor Commented:
>>If you remove the everyone account, check the security event log for any audit failures.
What would an audit failure do?

Yes, in my OP, I mentioned that IIS_IUSRS was given full control allowing it do everything.
Any failed logon attempts should be caught by the security log.  You can then see which account failed, then give that account the correct permissions.
THPWebTeamAuthor Commented:
Thanks to both for your contributions!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.