堆栈内存溢出
  简体   繁体   English

如何允许IIS APPPOOL \\ DefaultAppPool写入C:\\ inetpub \\ wwwroot挂载点

[英]How to allow IIS APPPOOL\DefaultAppPool to write into C:\inetpub\wwwroot mount point

 原文  2019-01-22 12:29:22       asp.net/ windows/ docker/ symlink/ docker-volume

问题描述

I'm creating a new Windows docker compose which uses a microsoft/aspnet:4.6.2 image. 我正在创建一个使用microsoft / aspnet:4.6.2映像的新Windows docker compose。 I'm using a volume for c:\\inetpub\\wwwroot which is mapped with C:\\site\\Default on the host server. 我正在使用c:\\ inetpub \\ wwwroot的卷,该卷与主机服务器上的C:\\ site \\ Default映射。

The running ASP.Net file successfully retrieves files but files at creating/writing files. 正在运行的ASP.Net文件成功检索到文件,但在创建/写入文件时检索到文件。 I am getting the following exception: System.IO.IOException: 'Trying to write to forbidden path: C:\\inetpub\\WWWRoot\\agenda.css.' 我收到以下异常: System.IO.IOException: 'Trying to write to forbidden path: C:\\inetpub\\WWWRoot\\agenda.css.'

I tried the following: 我尝试了以下方法:

  • Set full access to everyone to C:\\site\\Default on the host server 将对所有人的完全访问权限设置为主机服务器上的C:\\ site \\ Default

  • Add all rights using icacls (see dockerfile below). 使用icacls添加所有权限(请参阅下面的dockerfile)。 Here is the output for (Get-acl c:\\inetpub\\wwwroot\\).Access : 这是(Get-acl c:\\inetpub\\wwwroot\\).Access 

     FileSystemRights : FullControl AccessControlType : Allow IdentityReference : Everyone IsInherited : False InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : None FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : BUILTIN\\IIS_IUSRS IsInherited : False InheritanceFlags : None PropagationFlags : None FileSystemRights : -1610612736 AccessControlType : Allow IdentityReference : BUILTIN\\IIS_IUSRS IsInherited : False InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : InheritOnly FileSystemRights : FullControl AccessControlType : Allow IdentityReference : IIS APPPOOL\\DefaultAppPool IsInherited : False InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : None FileSystemRights : FullControl AccessControlType : Allow IdentityReference : NT SERVICE\\TrustedInstaller IsInherited : True InheritanceFlags : None PropagationFlags : None FileSystemRights : 268435456 AccessControlType : Allow IdentityReference : NT SERVICE\\TrustedInstaller IsInherited : True InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : InheritOnly FileSystemRights : FullControl AccessControlType : Allow IdentityReference : NT AUTHORITY\\SYSTEM IsInherited : True InheritanceFlags : None PropagationFlags : None FileSystemRights : 268435456 AccessControlType : Allow IdentityReference : NT AUTHORITY\\SYSTEM IsInherited : True InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : InheritOnly FileSystemRights : FullControl AccessControlType : Allow IdentityReference : BUILTIN\\Administrators IsInherited : True InheritanceFlags : None PropagationFlags : None FileSystemRights : 268435456 AccessControlType : Allow IdentityReference : BUILTIN\\Administrators IsInherited : True InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : InheritOnly FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : BUILTIN\\Users IsInherited : True InheritanceFlags : None PropagationFlags : None FileSystemRights : -1610612736 AccessControlType : Allow IdentityReference : BUILTIN\\Users IsInherited : True InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : InheritOnly FileSystemRights : 268435456 AccessControlType : Allow IdentityReference : CREATOR OWNER IsInherited : True InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : InheritOnly

  • I used ProcMon on the host server and couldn't see any entry when trying to write the file 我在主机服务器上使用了ProcMon,尝试写入文件时看不到任何条目

Docker files Docker文件

docker-compose: 泊坞窗 - 撰写: 

services:
  core:
    image: core
    build:
      context: .
      dockerfile: ./core/dockerfile
    volumes:
      - C:/site/Default/:c:/inetpub/wwwroot:rw
    ports:
      - "8000:80"
      - "4020-4024:4020-4024"
    environment:
      DatabaseType: SqlServer
      ConnectionString: Server=sqldata;User ID=sa;Password=pAssword123;Database=Default;MultipleActiveResultSets=True
    depends_on:
      - sqldata

  sqldata:
    ...

dockerfile: dockerfile: 

FROM microsoft/aspnet:4.6.2

# Also tried the bellow command with /l
RUN icacls --% "C:\inetpub\wwwroot" /grant Everyone:(OI)(CI)F /t

1 个解决方案

解决方案1
 0  2019-02-06 16:39:36

For some reasons IUSR has rights to write anywhere in the container folders (being mapped or not) except in C:\\inetpub\\wwwroot . 由于某些原因, IUSR有权在C:\\inetpub\\wwwroot之外的容器文件夹中(无论是否映射)写入任何位置。 IIS prevents from writing into this particular path. IIS禁止写入此特定路径。

I ended up creating an app which uses another physical path from the dockerfile and everything works as expected now: 我最终创建了一个应用程序,该应用程序使用了来自dockerfile的另一个物理路径,并且现在一切都按预期进行了: 

FROM microsoft/aspnet:4.6.2

RUN C:\Windows\system32\inetsrv\appcmd.exe set app \"Default Web Site/\" /physicalPath:C:\SomeOtherMountPoint

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 授予对IIS APPPOOL \\ DefaultAppPool的数据库访问权限 - Grant database access for IIS APPPOOL\DefaultAppPool 授予对IIS APPPOOL \\ DefaultAppPool的SQL Server数据库访问权限 - Granting sql server database access to IIS APPPOOL\DefaultAppPool IIS 7:标识'IIS APPPOOL \\ DefaultAppPool'没有足够的权限来访问临时目录 - IIS 7: Identity 'IIS APPPOOL\DefaultAppPool' does not have sufficient permission to access the temp directory 无法以编程方式在C:\\ inetpub \\ wwwroot中创建文件 - Can't create a file in C:\inetpub\wwwroot programmatically 拒绝访问路径“c:\\inetpub\\wwwroot\\myapp\\App_Data” - Access to the path 'c:\inetpub\wwwroot\myapp\App_Data' is denied 项目位置不在inetpub \\ wwwroot中 - Project location not in inetpub\wwwroot 无论我做什么,继续“登录用户IIS APPPOOL \\ DefaultAppPool失败” - Keep getting “Login failed for user IIS APPPOOL\DefaultAppPool” no matter what I do 如何使用asp.net C#重启IIS 6的defaultAppPool? - How to restart IIS 6 's defaultAppPool using asp.net C#? 在wwwroot / IIS窗口中对文件夹的写访问权限7 - Write access to folder in wwwroot/ IIS window 7 为什么默认情况下,“网络服务”没有对“ C:\\ inetpub \\ wwwroot”的许可? - Why “NETWORK SERVICE” doesn't have permission on “C:\inetpub\wwwroot” by default?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM