Proper Permissions on Website folders

[Taco]

Could someone tell me the basic settings for permissions on a website folder? Should everyone be read-only and the IUSER_XXXX have change access? There are a couple of places on the site where certain users have to upload files either to the TEMP directory or to a specific sub-folder of the website folder. Does the System need certain rights as well?

This is on an NT 4.0 SP6a running IIS 5.0.

 

[rewebb]

If you have anonymous access enabled then the default web user (IUR_servername) has to have read access for all folder you want people to be able to use. You *can* change the account for the default web user though, so it's worth checking to make sure it is still IUSR_...

If users have to upload via http then IUSR_... should have write permissions. HOWEVER the SYSTEM account should have R/W/D permissions too.

IIS + NT permissions can be the source of all sorts of 401-related fun, so be prepared to sit down and try *lots* of combinations. Eg, we had an application that wouldn't work until we gave the SYSTEM account execute permissions on the ROOT folder (C:\) which made no sense, but worked

 

[Taco]

Thanks for your help. I guess nothing is ever straight forward when working with Microsoft products. So I don't need the everyone group to have read permissions then - just the IUSR_MACH and SYSTEM?

 

[rewebb]

If you are using Anonymous access then the web server should use the IUSR_mach identity. Giving that read permissions should be enough. However Windows / IIS seems to love sticking a spanner in the works. So you may still end up giving the Everyone group read access in an attempt to make IIS see reason ;-)