stackoom
  简体   繁体   中英

IIS7 Admin read/write access to folder

 原文  2009-09-22 10:08:15       asp.net/ security/ iis-7

Question

I have an ASP.Net website running on IIS7. The developers have created a CMS in the \\admin folder, which allows the website admin to create/edit/delete pages.

They have said:

"The read/write permission should be given to the user that requires login access to the admin panel, not the anonymous user that has general public access to the website. The reason for the write permission is to allow the administrator to be able to upload images and files through the CMS, and make various changes to the navigation, style sheet, etc".

Also, they have said:

"Password protect the /admin folder and assign full rights to your admin user as it needs to update data (site files) accordingly as mentioned in the Folder level section above. For certain modules to work, such as the file manager, you would need to use Basic Authentication at the Directory Security level. The FCKeditor folder also should be protected so it has the correct permissions. "

Is this approach safe? I have tried assigning full rights to the Plesk protected folder user (the \\admin folder is protected through Plesk), but Plesk keeps reverting back to its default settings. I am told this is a security measure, which makes sense.

What would an alternate way of accomplishing this be without rewriting any code?

2 answers

solution1
 1  2009-09-22 10:21:22

If the application needs the ability to upload then it will always need read/write permissions to the directories it is going to upload to - no amount of rewriting will change this, it's part of the basic functionality. The same applies to editing stylesheets etc.

Reverting changes you make sounds like a very bad security measure - warning you would be fine, but generally you make these changes for a reason and want them to stay.

solution2
 1  2010-02-04 06:12:52

Hay try this...

  1. Right-click the file and select Properties.
  2. Click on the Security tab.
  3. Click Advanced in the lower right.
  4. In the Advanced Security Settings window that pops up, click on the Owner tab.
  5. Click Edit.
  6. Click Other users or groups.
  7. Click Advanced in the lower left corner.
  8. Click Find Now.
  9. Scroll through the results and double-click on your current user account.
    1. Click OK to all of the remaining windows except the first Properties window.
    2. Select your user account from the list up top and click Edit.
    3. Select your user account from the list up top again and then in the pane below, check Full control under Allow, or as much control as you need.
    4. You'll get a security warning, click Yes.
    5. On some files that are essential to Windows, you'll get a “Unable to save permission changes… access is denied” warning and there's nothing that you can do about it to the best of my knowledge.
    6. Reconsider why you're using Windows.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question What folder in Windows everyone or IIS User has access to read and write? IIS Permission Access on a App_Data Folder to read / write database iis7 hiddensegment bin folder Properly secure IIS 7 read/write folder IIS7 403 - Access Denied Write access to folder in wwwroot/ IIS window 7 Allow read, write and execute files from asp.net web page using IIS7 IIS7 - Access Denied using System.IO.StreamWriter() ASP.net page to write to share HttpHandler and folder locking problemin IIS7 IIS7 & 301 Redirects - Folder to File
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM