
How to allow IIS APPPOOL\DefaultAppPool to write into C:\inetpub\wwwroot mount point

I'm creating a new Windows docker compose which uses a microsoft/aspnet:4.6.2 image. I'm using a volume for c:\inetpub\wwwroot which is mapped with C:\site\Default on the host server.

The running ASP.Net file successfully retrieves files but fails at creating/writing files. I am getting the following exception: System.IO.IOException: 'Trying to write to forbidden path: C:\inetpub\WWWRoot\agenda.css.'

I tried the following:

  • Set full access to everyone to C:\site\Default on the host server

  • Add all rights using icacls (see dockerfile below). Here is the output for (Get-acl c:\inetpub\wwwroot\).Access :

     FileSystemRights  : FullControl
     AccessControlType : Allow
     IdentityReference : Everyone
     IsInherited       : False
     InheritanceFlags  : ContainerInherit, ObjectInherit
     PropagationFlags  : None

     FileSystemRights  : ReadAndExecute, Synchronize
     AccessControlType : Allow
     IdentityReference : BUILTIN\IIS_IUSRS
     IsInherited       : False
     InheritanceFlags  : None
     PropagationFlags  : None

     FileSystemRights  : -1610612736
     AccessControlType : Allow
     IdentityReference : BUILTIN\IIS_IUSRS
     IsInherited       : False
     InheritanceFlags  : ContainerInherit, ObjectInherit
     PropagationFlags  : InheritOnly

     FileSystemRights  : FullControl
     AccessControlType : Allow
     IdentityReference : IIS APPPOOL\DefaultAppPool
     IsInherited       : False
     InheritanceFlags  : ContainerInherit, ObjectInherit
     PropagationFlags  : None

     FileSystemRights  : FullControl
     AccessControlType : Allow
     IdentityReference : NT SERVICE\TrustedInstaller
     IsInherited       : True
     InheritanceFlags  : None
     PropagationFlags  : None

     FileSystemRights  : 268435456
     AccessControlType : Allow
     IdentityReference : NT SERVICE\TrustedInstaller
     IsInherited       : True
     InheritanceFlags  : ContainerInherit, ObjectInherit
     PropagationFlags  : InheritOnly

     FileSystemRights  : FullControl
     AccessControlType : Allow
     IdentityReference : NT AUTHORITY\SYSTEM
     IsInherited       : True
     InheritanceFlags  : None
     PropagationFlags  : None

     FileSystemRights  : 268435456
     AccessControlType : Allow
     IdentityReference : NT AUTHORITY\SYSTEM
     IsInherited       : True
     InheritanceFlags  : ContainerInherit, ObjectInherit
     PropagationFlags  : InheritOnly

     FileSystemRights  : FullControl
     AccessControlType : Allow
     IdentityReference : BUILTIN\Administrators
     IsInherited       : True
     InheritanceFlags  : None
     PropagationFlags  : None

     FileSystemRights  : 268435456
     AccessControlType : Allow
     IdentityReference : BUILTIN\Administrators
     IsInherited       : True
     InheritanceFlags  : ContainerInherit, ObjectInherit
     PropagationFlags  : InheritOnly

     FileSystemRights  : ReadAndExecute, Synchronize
     AccessControlType : Allow
     IdentityReference : BUILTIN\Users
     IsInherited       : True
     InheritanceFlags  : None
     PropagationFlags  : None

     FileSystemRights  : -1610612736
     AccessControlType : Allow
     IdentityReference : BUILTIN\Users
     IsInherited       : True
     InheritanceFlags  : ContainerInherit, ObjectInherit
     PropagationFlags  : InheritOnly

     FileSystemRights  : 268435456
     AccessControlType : Allow
     IdentityReference : CREATOR OWNER
     IsInherited       : True
     InheritanceFlags  : ContainerInherit, ObjectInherit
     PropagationFlags  : InheritOnly

  • I used ProcMon on the host server and couldn't see any entry when trying to write the file

Docker files

docker-compose:

services:
  core:
    image: core
    build:
      context: .
      dockerfile: ./core/dockerfile
    volumes:
      - C:/site/Default/:c:/inetpub/wwwroot:rw
    ports:
      - "8000:80"
      - "4020-4024:4020-4024"
    environment:
      DatabaseType: SqlServer
      ConnectionString: Server=sqldata;User ID=sa;Password=pAssword123;Database=Default;MultipleActiveResultSets=True
    depends_on:
      - sqldata

  sqldata:
    ...

dockerfile:

FROM microsoft/aspnet:4.6.2

# Also tried the below command with /l
RUN icacls --% "C:\inetpub\wwwroot" /grant Everyone:(OI)(CI)F /t

For some reason IUSR has rights to write anywhere in the container folders (being mapped or not) except in C:\inetpub\wwwroot. IIS prevents writing into this particular path.

I ended up creating an app which uses another physical path from the dockerfile and everything works as expected now:

FROM microsoft/aspnet:4.6.2

RUN C:\Windows\system32\inetsrv\appcmd.exe set app \"Default Web Site/\" /physicalPath:C:\SomeOtherMountPoint
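
The Get-Acl dump in the question mixes named rights with raw numbers: -1610612736 is 0xA0000000 (GENERIC_READ | GENERIC_EXECUTE) and 268435456 is 0x10000000 (GENERIC_ALL). The script below is an added example, not code from the original post; it decodes those masks and reports which entries allow creating a file in the folder itself, so an NTFS denial can be told apart from a block elsewhere. The function names are hypothetical and the sample entries are copied from the dump above.

```powershell
# Generic access-mask bits from winnt.h; Get-Acl prints them as raw numbers.
$GenericBits = [ordered]@{
    GENERIC_READ    = 1L -shl 31   # 0x80000000
    GENERIC_WRITE   = 1L -shl 30   # 0x40000000
    GENERIC_EXECUTE = 1L -shl 29   # 0x20000000
    GENERIC_ALL     = 1L -shl 28   # 0x10000000
}
$FileAddFile = 2L                  # FILE_ADD_FILE / FILE_WRITE_DATA (0x2)

function ConvertTo-UnsignedMask([int]$Rights) {
    # FileSystemRights is a signed Int32; reinterpret it as an unsigned 32-bit mask.
    return ([int64]$Rights) -band ((1L -shl 32) - 1)
}

function Get-GenericRightNames([int]$Rights) {
    $mask = ConvertTo-UnsignedMask $Rights
    return @($GenericBits.Keys | Where-Object { ($mask -band $GenericBits[$_]) -ne 0 })
}

function Test-AllowsFileCreate($Ace) {
    # InheritOnly entries apply to children only, not to the folder being checked.
    if ($Ace.AccessControlType -ne 'Allow') { return $false }
    if ($Ace.PropagationFlags -match 'InheritOnly') { return $false }
    $mask = ConvertTo-UnsignedMask $Ace.FileSystemRights
    $writeBits = $FileAddFile -bor $GenericBits.GENERIC_WRITE -bor $GenericBits.GENERIC_ALL
    return ($mask -band $writeBits) -ne 0
}

# Sample entries copied from the question's dump (subset).
$fc = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$rx = [int][System.Security.AccessControl.FileSystemRights]'ReadAndExecute, Synchronize'
$aces = @(
    [pscustomobject]@{ IdentityReference = 'Everyone';                   FileSystemRights = $fc;         AccessControlType = 'Allow'; PropagationFlags = 'None' }
    [pscustomobject]@{ IdentityReference = 'BUILTIN\IIS_IUSRS';          FileSystemRights = $rx;         AccessControlType = 'Allow'; PropagationFlags = 'None' }
    [pscustomobject]@{ IdentityReference = 'BUILTIN\IIS_IUSRS';          FileSystemRights = -1610612736; AccessControlType = 'Allow'; PropagationFlags = 'InheritOnly' }
    [pscustomobject]@{ IdentityReference = 'IIS APPPOOL\DefaultAppPool'; FileSystemRights = $fc;         AccessControlType = 'Allow'; PropagationFlags = 'None' }
    [pscustomobject]@{ IdentityReference = 'CREATOR OWNER';              FileSystemRights = 268435456;   AccessControlType = 'Allow'; PropagationFlags = 'InheritOnly' }
)

foreach ($ace in $aces) {
    [pscustomobject]@{
        Identity      = $ace.IdentityReference
        Generic       = (Get-GenericRightNames $ace.FileSystemRights) -join '|'
        CanCreateFile = Test-AllowsFileCreate $ace
    }
}
```

Inside the container, replace `$aces` with `(Get-Acl C:\inetpub\wwwroot).Access` to run the same check against the live ACL.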
