MICHAEL HOGGATT

how do I set permissions for full control for PHP?

I am not a programmer but have two programs in PHP code that I have to
run from time to time.
IIS Express and PHP 8.0 are installed on this Windows 10 desktop computer.
I am able to run localhost/helloworld.htm successfully which would seem
to indicate that the server is installed properly.
Now I need to set permissions so that I can read and write in PHP.
So how do I set full control in order to run this code?
Do I need to set permissions on the entire INETPUB file or just the
wwwroot folder?
Can this be done by right clicking on the file, choosing Properties,
then Security, then Edit to enable full control?
These are in the drop down menu -

Creator Owner
System
Administrators
Users
Trusted Installer

Do all of these need full control?
I believe some of these already have partial permissions but not full
control.
I am using the standard Default Website.
Am I on the right track or out in left field?
ASKER CERTIFIED SOLUTION
Binh Win
This solution is only available to members.
I run my local testing using IIS because I also have a Windows server.

Try using the platform installer, it may make things easier for you: https://www.microsoft.com/web/downloads/platform.aspx

Otherwise, it is no different than live. You can right click on a folder and set the permissions that way for your web users.
Hi,

I just did that recently.
I would say test your web apps and adjust; test everything that writes, like adding an image or file, a config file, import/export from a web page...

Yes, you are correct: right click, Properties, then Security, then Edit.

I added IIS_IUSRS to wwwroot.

I give Modify & Write to IIS_IUSRS only for a directory or file that needs more permission, upload etc.
Also added the same for User.

For security reasons, do not change the main INETPUB.

I took this Udemy course; it helped me:

https://www.udemy.com/course/mastering-web-server-iis-85-from-scratch


I'll mention how I do this on Linux, which you'll then translate to Windows.

Also, I manage 1000s of sites, so I'm... allergic to hacks... so I go to great lengths to hobble hacks...

My approach.

1) Apache runs under normal Ubuntu default www-data:www-data as the user:group id.

2) Files are actually owned as root. I'll use DocRoot of /sites/david-favor/punchdrunktech.com/htdocs as a real site example.

3) Then I arrange permissions so all files can be read, so ownership/permission set as follows...

chown -hR root:root /sites/david-favor/punchdrunktech.com/htdocs

find /sites/david-favor/punchdrunktech.com/htdocs -type d -print0 | xargs -0 chmod 755
find /sites/david-favor/punchdrunktech.com/htdocs -type f -print0 | xargs -0 chmod 644



4) At this point files can be read by Apache, and since they're owned by root, even if Apache/PHP/whatever contains an exploit vector (backdoor), no matter, as files can never be changed, so no Malware payload... or other... nefariousness... can inject into the site.

5) This... level of paranoia... may be overkill for you, and you get the idea.

With regards to file ownership/permissions you'll simply arrange for dirs/files to be readable... however seems best to you, then all should be well.
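
A drift check for the layout described in the answer above, as an added example that is not part of the original post: it lists anything under a DocRoot that is no longer owned by root, or whose mode differs from 755 (directories) or 644 (files). The function name `audit_docroot` and the output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a DocRoot against the read-only layout in the answer
# above (owner root, directories 755, files 644).
# The function name and the report labels are hypothetical.
#
# Usage: audit_docroot DOCROOT [OWNER]      (OWNER defaults to root)
# Exit status: 0 = layout intact, 1 = drift found (listed on stdout),
#              2 = DOCROOT is not a directory.
audit_docroot() {
    docroot=$1
    owner=${2:-root}

    if [ ! -d "$docroot" ]; then
        echo "audit_docroot: not a directory: $docroot" >&2
        return 2
    fi

    # find does not follow symlinks by default, so the owner test applies to
    # the link itself (matching chown -h). The mode tests only look at real
    # directories and regular files; "-perm 755" is an exact match, so extra
    # bits such as group/world write or setuid are reported as drift.
    report=$(
        find "$docroot" ! -user "$owner" \
            -exec printf 'owner-not-%s\t%s\n' "$owner" {} \;
        find "$docroot" -type d ! -perm 755 \
            -exec printf 'dir-mode-not-755\t%s\n' {} \;
        find "$docroot" -type f ! -perm 644 \
            -exec printf 'file-mode-not-644\t%s\n' {} \;
    )

    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}
```

Run it from cron or after each deployment; a non-zero exit means something changed ownership or mode since the `chown`/`chmod` pass.
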
Do I need to set permissions on the entire INETPUB file or just the
wwwroot folder?
Can this be done by right clicking on the file, choosing Properties,
then Security, then Edit to enable full control?
These are in the drop down menu -





Do all of these need full control?

The only time you need full control for a folder or file is if you are going to allow file uploads or have something like WordPress make updates to a specific file/folder on the one site. Otherwise, as a rule, Read & Execute