Is this possible?

TheMSsForum.com: The Microsoft Software Forum

I have an application that uses PHP to write out a configuration file. The
configuration is the first web page that pops up after the application is
copied to a valid IIS website directory.

The problem that I have is with permission to write the configuration file.
Is there a way to give permission to write files to the IIS website
directory to this application ONLY when run from the local PC....OR is there
a way to give write permission to only the admin running the application?

Thanks!
Top

Re: Is this possible? by Dave

Dave
Fri May 02 17:28:00 CDT 2008

give write permission only to the admin, which is as it should be anyway.

"jim" <jim@home.net> wrote in message
news:dHLSj.94955$Er2.19555@bignews6.bellsouth.net...
>I have an application that uses PHP to write out a configuration file. The
>configuration is the first web page that pops up after the application is
>copied to a valid IIS website directory.
>
> The problem that I have is with permission to write the configuration
> file. Is there a way to give permission to write files to the IIS website
> directory to this application ONLY when run from the local PC....OR is
> there a way to give write permission to only the admin running the
> application?
>
> Thanks!
>


Top

Re: Is this possible? by jim

jim
Fri May 02 17:56:10 CDT 2008

The machine admin does have write permissions, but this does not translate
to the php webpage getting those permissions. The only way that I see to do
it by adjusting permissions is to give IUSR_MachineName write permissions.
But, this gives write permissions to all anonymous users.

The package that I am working with is joomla. It has a php admin page that
runs at first run that takes things like database name, admin password, etc.
and should write them to a "configuration.php" file. The problem is that
the anonymous users don't (and shouldn't) have write access to the folder
containing the configuration.php file which is in the root directory of the
Joomla site.

How to I make it so that the only person with write access to this file via
the admin php page running on the localhost webserver is the actual admin
while keeping write access turned off for anonymous access to the site?

jim

"Dave" <noone@nowhere.com> wrote in message
news:OCHzIPKrIHA.4788@TK2MSFTNGP03.phx.gbl...
> give write permission only to the admin, which is as it should be anyway.
>
> "jim" <jim@home.net> wrote in message
> news:dHLSj.94955$Er2.19555@bignews6.bellsouth.net...
>>I have an application that uses PHP to write out a configuration file.
>>The configuration is the first web page that pops up after the application
>>is copied to a valid IIS website directory.
>>
>> The problem that I have is with permission to write the configuration
>> file. Is there a way to give permission to write files to the IIS website
>> directory to this application ONLY when run from the local PC....OR is
>> there a way to give write permission to only the admin running the
>> application?
>>
>> Thanks!
>>
>
>


Top

Re: Is this possible? by David

David
Fri May 02 22:44:35 CDT 2008

On May 2, 3:56=A0pm, "jim" <j...@home.net> wrote:
> The machine admin does have write permissions, but this does not translate=

> to the php webpage getting those permissions. =A0The only way that I see t=
o do
> it by adjusting permissions is to give IUSR_MachineName write permissions.=

> But, this gives write permissions to all anonymous users.
>
> The package that I am working with is joomla. =A0It has a php admin page t=
hat
> runs at first run that takes things like database name, admin password, et=
c.
> and should write them to a "configuration.php" file. =A0The problem is tha=
t
> the anonymous users don't (and shouldn't) have write access to the folder
> containing the configuration.php file which is in the root directory =A0of=
the
> Joomla site.
>
> How to I make it so that the only person with write access to this file vi=
a
> the admin php page running on the localhost webserver is the actual admin
> while keeping write access turned off for anonymous access to the site?
>
> jim
>
> "Dave" <no...@nowhere.com> wrote in message
>
> news:OCHzIPKrIHA.4788@TK2MSFTNGP03.phx.gbl...
>
>
>
> > give write permission only to the admin, which is as it should be anyway=
.
>
> > "jim" <j...@home.net> wrote in message
> >news:dHLSj.94955$Er2.19555@bignews6.bellsouth.net...
> >>I have an application that uses PHP to write out a configuration file.
> >>The configuration is the first web page that pops up after the applicati=
on
> >>is copied to a valid IIS website directory.
>
> >> The problem that I have is with permission to write the configuration
> >> file. Is there a way to give permission to write files to the IIS websi=
te
> >> directory to this application ONLY when run from the local PC....OR is
> >> there a way to give write permission to only the admin running the
> >> application?
>
> >> Thanks!- Hide quoted text -
>
> - Show quoted text -



The only way to get what you want is if the PHP admin login page
performs a real Windows user logon such that your "administrator" can
logon as a real Windows administrator, at which point you can apply
the usual NTFS File ACL security of Windows.

If the PHP login is just a fake, custom authentication/authorization
against a user database which bypasses real Windows user logon, then
you cannot rely on NTFS File ACL security of Windows.

This is the usual problem with custom authentication no matter the OS/
platform. The Custom Authentication/Authorization scheme becomes a
Trusted Computing Base that multiplexes user access with its one,
single, powerful account. This is exactly what you are uncomfortable
with, but unfortunately, systems that do their own login and use
custom authentication/authorization force this exact issue, no matter
if it is *nix, Windows, Apache, IIS.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
Top