MICHAEL HOGGATT
asked on
how do I set permissions for full control for PHP?
I am not a programmer but have two programs in PHP code that I have to
run from time to time.
IIS Express and PHP 8.0 are installed on this Windows 10 desktop computer.
I am able to run localhost/helloworld.htm successfully which would seem
to indicate that the server is installed properly.
Now I need to set permissions so that I can read and write in PHP.
So how do I set full control in order to run this code?
Do I need to set permissions on the entire INETPUB file or just the
wwwroot folder?
Can this be done by right clicking on the file, choosing Properties,
then Security, then Edit to enable full control?
These are in the drop down menu -
Creator Owner
System
Administrators
Users
Trusted Installer
Do all of these need full control?
I believe some of these already have partial permissions but not full
control.
I am using the standard Default Website.
Am I on the right track or out in left field?
run from time to time.
IIS Express and PHP 8.0 are installed on this Windows 10 desktop computer.
I am able to run localhost/helloworld.htm successfully which would seem
to indicate that the server is installed properly.
Now I need to set permissions so that I can read and write in PHP.
So how do I set full control in order to run this code?
Do I need to set permissions on the entire INETPUB file or just the
wwwroot folder?
Can this be done by right clicking on the file, choosing Properties,
then Security, then Edit to enable full control?
These are in the drop down menu -
Creator Owner
System
Administrators
Users
Trusted Installer
Do all of these need full control?
I believe some of these already have partial permissions but not full
control.
I am using the standard Default Website.
Am I on the right track or out in left field?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi,
I just done that recently.
I would say test your web apps and adjust, test everything that write like add image or file, config file, import export from web page...
Yes you are correct right click Properties,then Security, then Edit
I added IIS_IUSRS to wwwroot
I give modify & write to IIS_IUSRS only for directory or file that need more permission, upload etc.
Also added the same for User
For security reason do not change the main INETPUB
I took this Udemy course this help me
https://www.udemy.com/course/mastering-web-server-iis-85-from-scratch
I just done that recently.
I would say test your web apps and adjust, test everything that write like add image or file, config file, import export from web page...
Yes you are correct right click Properties,then Security, then Edit
I added IIS_IUSRS to wwwroot
I give modify & write to IIS_IUSRS only for directory or file that need more permission, upload etc.
Also added the same for User
For security reason do not change the main INETPUB
I took this Udemy course this help me
https://www.udemy.com/course/mastering-web-server-iis-85-from-scratch
I'll mention how I do this on Linux, which you'll then translate to Windows.
Also, I manage 1000s of sites, so I'm... allergic to hacks... so I go to great lengths to hobble hacks...
My approach.
1) Apache runs under normal Ubuntu default www-data:www-date as the user:group id.
2) Files are actually owned as root. I'll use DocRoot of /sites/david-favor/punchdr unktech.co m/htdocs as a real site example.
3) Then I arrange permissions so all files can be read, so ownership/permission set as follows...
4) At this point files can be read by Apache, and since they're owned by root, even if Apache/PHP/whatever contains an exploit vector (backdoor), no matter, as files can never be changed, so no Malware payload... or other... nefariousness... can inject into the site.
5) This... level of paranoia... may be overkill for you, and you get the idea.
With regards to file ownership/permissions you'll simply arrange for dirs/files to be readable... however seems best to you, then all should be well.
Also, I manage 1000s of sites, so I'm... allergic to hacks... so I go to great lengths to hobble hacks...
My approach.
1) Apache runs under normal Ubuntu default www-data:www-date as the user:group id.
2) Files are actually owned as root. I'll use DocRoot of /sites/david-favor/punchdr
3) Then I arrange permissions so all files can be read, so ownership/permission set as follows...
chown -hR root:root /sites/david-favor/punchdrunktech.com/htdocs
find /sites/david-favor/punchdrunktech.com/htdocs -type d -print0 | xargs -0 chmod 755
find /sites/david-favor/punchdrunktech.com/htdocs -type f -print0 | xargs -0 chmod 644
4) At this point files can be read by Apache, and since they're owned by root, even if Apache/PHP/whatever contains an exploit vector (backdoor), no matter, as files can never be changed, so no Malware payload... or other... nefariousness... can inject into the site.
5) This... level of paranoia... may be overkill for you, and you get the idea.
With regards to file ownership/permissions you'll simply arrange for dirs/files to be readable... however seems best to you, then all should be well.
Do I need to set permissions on the entire INETPUB file or just the
wwwroot folder?
Can this be done by right clicking on the file, choosing Properties,
then Security, then Edit to enable full control?
These are in the drop down menu -
Do all of these need full control?Do all of these need full control?
The only times you need full control for a folder or file is if you are going to allow file uploads or have something like Wordpress make updates to a specific file/folder on the one site. Otherwise, as a rule, Read & Execute
Try using the platform installer, it may make things easier for you https://www.microsoft.com/web/downloads/platform.aspx
Otherwise, it is no different than live. You can right click on a folder and set the permissions that way for your web users.