Why “NETWORK SERVICE” doesn't have permission on “C:\inetpub\wwwroot” by default?
Question
I grant permission to NETWORK SERVICE manually to have access to C:\\inetpub\\wwwroot so ASP.NET can do something like reading and writing local files.
Is there a security reason this permission has not been granted by default ?
3 answers
solution1
2 ACCPTED 2011-02-01 13:47:36
It is due to the principle of defence in depth - not giving permissions unless explicitly granted.
Such defaults make for a more secure IIS and operating system.
Several years ago Microsoft went through a very large push towards securing windows by default - this setting is part of that push.
solution2
2 2011-02-01 13:48:43
Per this article on MSDN :
The Network Service account has Read and Execute permissions on the IIS server root folder by default. The IIS server root folder is named Wwwroot. This means that an ASP.NET application deployed inside the root folder already has Read and Execute permissions to its application folders. However, if your ASP.NET application needs to use files or folders in other locations, you must specifically enable access.
solution3
1 2011-02-01 13:47:21
通常在Web服务器上,只允许写入几个文件夹,以避免潜在的安全漏洞。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.