473,799 Members | 2,941 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Server Permission Settings

Hello,

I'm not sure if I'm in the right area. I have asp pages that call a
database and sometimes updates it. The pages are under the root the database
is in a db folder under the root. My server guy isn't too sure what the
permissions should be on the server to these folders (root & db). Can you
give me some general instructions for this? Or point me in the right
direction for the answer?

Thanks
Jul 22 '05 #1
14 2218
You need to ensure IUSR_<machine> has read permissions for the root and
read/write for the database (not the folder it's in)

"Jess" <Je**@discussio ns.microsoft.co m> wrote in message
news:5F******** *************** ***********@mic rosoft.com...
Hello,

I'm not sure if I'm in the right area. I have asp pages that call a
database and sometimes updates it. The pages are under the root the database is in a db folder under the root. My server guy isn't too sure what the
permissions should be on the server to these folders (root & db). Can you
give me some general instructions for this? Or point me in the right
direction for the answer?

Thanks

Jul 22 '05 #2
IUSR_MachineNam e should have read access on the folder(s) containing the ASP
scripts, and full permissions on the folder containing the MDB file (it
needs read to access it, change to allow the file to grow as you fill it
with more data, and write to create the temporary LDB file).

A bit of information here:
http://support.microsoft.com/default.aspx/kb/253604

And lots of troubleshooting for 80004005 errors here:
http://www.aspfaq.com/2009

"Jess" <Je**@discussio ns.microsoft.co m> wrote in message
news:5F******** *************** ***********@mic rosoft.com...
Hello,

I'm not sure if I'm in the right area. I have asp pages that call a
database and sometimes updates it. The pages are under the root the
database
is in a db folder under the root. My server guy isn't too sure what the
permissions should be on the server to these folders (root & db). Can you
give me some general instructions for this? Or point me in the right
direction for the answer?

Thanks

Jul 22 '05 #3
"Aaron Bertrand [SQL Server MVP]" wrote in message
news:eF******** ******@tk2msftn gp13.phx.gbl...
: IUSR_MachineNam e should have read access on the folder(s) containing the
ASP
: scripts, and full permissions on the folder containing the MDB file (it
: needs read to access it, change to allow the file to grow as you fill it
: with more data, and write to create the temporary LDB file).
:
: A bit of information here:
: http://support.microsoft.com/default.aspx/kb/253604
:
: And lots of troubleshooting for 80004005 errors here:
: http://www.aspfaq.com/2009

Make that modify rights, not full rights.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
Jul 22 '05 #4
> Make that modify rights, not full rights.

What rights are included in full that aren't needed?

As I explained, you need read obviously, plus you need change if the MDB
file should grow, plus you need write to create the LDB file.

A
Jul 22 '05 #5
"Aaron Bertrand [SQL Server MVP]" <te*****@dnartr eb.noraa> wrote in message
news:eQ******** ******@TK2MSFTN GP12.phx.gbl...
:> Make that modify rights, not full rights.
:
: What rights are included in full that aren't needed?
:
: As I explained, you need read obviously, plus you need change if the MDB
: file should grow, plus you need write to create the LDB file.

1. It's not create rights, it's write rights.
2. Permissions are inclusive meaning the next level has all of what the
previous level has.
3. With Full Rights you can change permissions and take ownership. That's
not a good thing to give to an anonymous user or anyone that doesn't need
it.

From here: http://www.windowsitlibrary.com/Content/592/1.html#1
If a user needs all access to a file except to take ownership and change its
permissions, the Modify permission can be granted. The access allowed by the
Read, Write, and Read & Execute are automatically granted within the Modify
permission.

Nobody should ever have full rights unless they're an admin, backup account
or SYSTEM. And, no admins should have admin access with their daily user
account. All admins should have a separate account just for administration.
It minimizes the risk to the network and allows for a better trail.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp


Jul 22 '05 #6
> : file should grow, plus you need write to create the LDB file.

1. It's not create rights, it's write rights.
That's what I said. "You need write to create the LDB file."
3. With Full Rights you can change permissions and take ownership. That's
not a good thing to give to an anonymous user or anyone that doesn't need
it.


An anonymous user who can't log in (since Windows controls the password).
Can you please demonstrate an ASP script that will allow a user of the web
site to do something silly or worse because IUSR has "full control" rights
rather than the individual permissions.

Remember that if someone has access to the file system to change an ASP
script that IUSR has access to, they have already compromised more than what
you're worried about. And also remember that I did not suggest adding IUSR
to the administrators group.
Jul 22 '05 #7
"Aaron Bertrand [SQL Server MVP]" <te*****@dnartr eb.noraa> wrote in message
news:e6******** ******@TK2MSFTN GP10.phx.gbl...
:> : file should grow, plus you need write to create the LDB file.
: >
: > 1. It's not create rights, it's write rights.
:
: That's what I said. "You need write to create the LDB file."

Which means you only need modify rights. I hear an echo. (O:=

: > 3. With Full Rights you can change permissions and take ownership.
That's
: > not a good thing to give to an anonymous user or anyone that doesn't
need
: > it.
:
: An anonymous user who can't log in (since Windows controls the password).

You're assuming the password is being controlled by the OS. Just because
it's the default doesn't make it so. You're also assuming it can never be
compromised. What is the only secure system in the world?

: Can you please demonstrate an ASP script that will allow a user of the web
: site to do something silly or worse because IUSR has "full control" rights
: rather than the individual permissions.

NTFS permissions do not affect ASP scripts, directly. They affect user
access. I don't know what the next buffer overflow is going to do and
giving Full Rights to an account that doesn't need it is a security risk.

Network security is not rocket science. It's not a task. It is a simple
philosophy. Never give anyone access they don't need to get their job done.
It's not a good idea to teach others bad behavior no matter how well
intended, no matter how safe it appears to be on the surface.

: Remember that if someone has access to the file system to change an ASP
: script that IUSR has access to, they have already compromised more than
what
: you're worried about.

I'm always worried about the whole system, not just in part. I never assume
anything is secure. As stated above, I have a simple philosophy and I
follow it. It increases my chance for success in securing my network and
those I support. It's not a good idea to give everyone on the net Full
Rights to any part of my network.

: And also remember that I did not suggest adding IUSR
: to the administrators group.

I'm aware. I'm not suggesting you don't know something about security,
however I don't know your level of competency of network security, nor
anyone else's on the net. My response was based on a philosophy which
requires following a standard approach when working with permissions. The
first no-no in network security it to assign Full Rights to any account that
doesn't need it. It's also the first rule broken by every lazy admin on the
planet. I also cannot assume the developer is so proficient that they will
not make the situation worse with sloppy coding. I just cannot predict what
others will do. I have to assume the worst and act accordingly to minimize
the risk and the unscheduled downtime. Also, the net user is not my biggest
threat. It's the users who already have some access to the internal network
and usually Public Enemy #1 is the soon to be convict I'm working under who
thinks s/he needs Administrative access because of his/her title.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
Jul 22 '05 #8
Thanks for the help.

Jess
Jul 22 '05 #9
I'm still not sure what you think "Full Control" grants IUSR that
read/write/modify does not, but okay.
Jul 22 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
0
1176
IDE / Server file permission problem?
by: cigwork | last post by:
Using VS.NET 2K3 pro. My development environment is set up with project & source files on a network drive and until a recent server hardware failure followed by a restore/rebuild this worked very well. I now find that apps blows up with the FileIoPermission error when I try to run the app in either debug/release mode from the IDE or as a built .exe on the network drive. The first time I tried to run a project setup like this the IDE...
.NET Framework
1
2360
ATL Server and access to local drive
by: Leonid | last post by:
Hello I have VC++ .NET 2003 ATL Server project. In one of its method I need to write some information in a local txt file. This txt file and this ATL Server are on the same ‘C: \’ drive. When I tried it I just get ERROR_ACCESS_DENIED error from GetLastError function. What do I need to modify to let this ATL Server to write on local hard drive? Is it file’s access permission or ATL Server security settings Thanks a lot for hel ...
.NET Framework
5
449
Server Error in '/' Application.
by: Matthew Louden | last post by:
I have no idea what this run-time error about. Any ideas? I already change the web.config file for the attribute <customErrors mode="Off"/> but still not work. Server Error in '/' Application. Runtime Error Description: An application error occurred on the server. The current custom
ASP.NET
1
4898
Win2003 Server - Access to the path is denied
by: Jody Gelowitz | last post by:
We are having an issue in that when trying to read a file that is on Server2 from Server1 (through our ASP.NET project), we receive the error: Access to the path "\\Server2\MyShare\MyFile.tif" is denied. Here is the server setup that we have: Dev - Development Computer on WinXP Pro SP2 (IIS5), VS2003 developing under .NET Framework 1.1 Server1 - Web Server on Win2003 Server (IIS6) Server2 - File Server on Win2003 Server
ASP.NET
2
2561
ASPNET permission to to access SQL Server Express on localhost
by: William LaMartin | last post by:
in Visual Studio 2005 I have a what is now called in 2005 a web site that when run as a file base web connects fine to SQL Express running on the local machine. However, when I publish this web to a sub web of the default web in IIS on the local machine, and load the page that accesses SQL Server Express in the browser it produces a permission error for ASPNET. How do I grant ASPNET permission to SQL Server Express? I have read that I...
ASP.NET
17
5104
Server Unavailable - ASP.NET 2.0 on Windows XP
by: Jon B | last post by:
Hi All! I have a ASP.NET 2.0 site that works on the Windows 2000 Server. However, when I tried to view this site on my local Windows XP machine, I get "Server Unavailable". If I switch the Windows XP IIS back to ASP.NET 1.1 then I get the Configuration Error (which is understandable because I'm trying to run an ASP.NET 2 site with 1.1 framework). I can however view other ASP.NET 1.1 sites on my local Windows XP machine. It's only the...
ASP.NET
0
9029
Windows XP Server object, ASP 0178 (0x80070005) The call to Server.CreateObject failed while checking permissions.
by: Bronik | last post by:
I found the best solution to this problem What you need to do is go to event viewer - System Log. Look at the error it will look something like that The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {671E00F1-44C3-401E-9E33-8E5E585F26BE} to the user WK01SF78\IUSR_XXXXXX SID (S-1-5-21-2939499473-2795378169-3261179525-1005). This security permission can be modified...
ASP / Active Server Pages
9
3094
sql server 2005 tools configuration starts when I build a distribution project (VB 2005)
by: Alessandro | last post by:
When I build a setup project under vb2005, starts "Microsoft sql server 2005 Tool" showing "Please wait while windows configures Microsoft sql server 2005 tools" Then it stop with this message: Failure setting security rights on users account SQLServer2005NotificationServicesUser$M2 If I give the user administrator rights it does not happen and buid goes right. I I remove the user from administrators the message is showed again. I...
Visual Basic .NET
0
1130
Launching out-of-process COM server from Web Form
by: David St. Hilaire | last post by:
Hi, I'm having trouble creating a COM object in my ASP.NET Web Form. The COM object (IFoo) is in a DLL, but it creates another COM object (IBar) that is defined in an out-of-process COM server EXE. I added a reference to the object's DLL to my Web Form solution. I create the object with the line: FooClass foo = new FooClass();
ASP.NET
7
1773
writing permission on SQL server
by: eranby | last post by:
Hi, I connect the SQL server in my application using this code : ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings; con = new SqlConnection(settings.ConnectionString); but I have no writing permission the database is for read only what should I do in order to add writing permission? thanks Eran
Microsoft SQL Server
0
9686
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
9540
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
10250
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
10222
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
10026
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
0
5463
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
1
4139
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
3757
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
3
2938
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us