Problem:
- You have ASP.NET website on Windows.
- Your website application pool name is mysite.com.
- Your website physical location is D:\inetpub\wwwroot\mysite.com.
- Your website physical data location is D:\mysite_data.
- Your website users cannot upload or modify website files.
- Your website users cannot upload or modify website data files.
Solution:
1. Open cmd.exe as Administrator and execute the command below.
icacls "D:\inetpub\wwwroot\mysite.com" /grant "IIS AppPool\mysite.com":(OI)(CI)F /T
icacls "D:\mysite_data" /grant "IIS AppPool\mysite.com":(OI)(CI)F /T
This command give full permissions against D:\inetpub\wwwroot\mysite.com and all sub-directories and files, and against D:\mysite_data and all sub-directories and files to mysite.com user.
2. Alternatively you can execute the command below.
icacls "D:\inetpub\wwwroot\mysite.com" /grant IIS_IUSRS:F /t
icacls "D:\mysite_data" /grant IIS_IUSRS:F /t
This command give full permissions against D:\inetpub\wwwroot\mysite.com and all sub-directories and files, and against D:\mysite_data and all sub-directories and files to IIS_IUSRS group.
mysite.com user is part of the IIS_IUSRS group.
Motivation:
- You have a WordPress instance on Ubuntu Nginx.
- You want to ensure that only the Nginx process can access WordPress files.
Procedure:
- View current file owner and group:
The root folder should be owned by www-data user. www-data is the user that web servers like Apache and Nginx on Ubuntu use by default for their normal operation.
2. Change file owner and group to www-data if necessary:
sudo chown -R www-data:www-data /var/html
3. Set minimum permissions for folders:
cd /var/html
sudo find . -type d -exec chmod 755 {} \; # directory permissions rwxr-xr-x
4. Set minimum permissions for files:
cd /var/html
sudo find . -type f -exec chmod 644 {} \; # file permissions rw-r--r--
5. Verify the changes:
Motivation:
- You have a WordPress instance on Windows IIS.
- You upload a file. Its thumbnail is not shown in Media Library.
- You change the file permission. Its thumbnail now is shown correctly in Media Library.
- You upload another file and have to change the file permission manually again.
- How can we make WordPress automatically set the correct permission for new uploaded files?
Procedure:
- Ensure that the the Identity of Application pool that the website is running under is ApplicationPoolIdentity.
- Execute below commands as Administrator
icacls "C:\inetpub\wwwroot\domain.com" /grant "IUSR":(OI)(CI)F /T
icacls "C:\inetpub\wwwroot\domain.com" /grant "IIS_IUSRS":(OI)(CI)F /T
3. Set up IIS.
- Open IIS Manager.
- Click on your website.
- Click Authentication.
- Click Anonymous Authentication (which should be the only one enabled).
- Click Edit.
- Select Application pool identity if it is not selected.
- Click OK.
Software development and software engineering research