By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
446,364 Members | 1,493 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 446,364 IT Pros & Developers. It's quick & easy.

PHP & NTFS Permissions

P: n/a
Hello group!

I'm having a problem and I hope some of you may be able to point me in the
right direction.

I inherited a web site using php, running on Windows 2000 & IIS. The site
was developed by a consulting firm about a year before I came on board, the
consultant has since gone out of business. Overall, I've never had a
problem with the site and have been able to figure out nearly everything
they configured on it.

The server with the site is getting old, so I'm trying to migrate it to a
new box. I've configured the new box to be identical to the old one - in
terms of partition layout, directory structure, NTFS users / groups & NTFS
permissions, php.ini, etc. I have php installed with IIS & it is working
properly. All aspects of the site work, except for one. We have a feature
that allows users to log in to a file manager & edit existing pages. When I
try to edit one of thes pages, I get an fopen error, complaining that
permission is denied.

To reach this file manager, the users log in twice. They first log in using
a web-based form, which pulls their user details from MySQL. To reach the
file manager itself, they have to enter a username / password using basic
IIS authentication (the pop-up box). The username / password they use to
access the file manager is a local account on the web server.

The user they are logging in as has full NTFS permission on the web root.
When they attempt to edit a file, the php script is supposed to create a
temp "lock" file in the current directory. When the script attempt to
create this temp file, the "permission denied" error is generated.

If I set the Everyone group to have write permission on the web root, the
problem goes away. Obviously, I don't want to do this. This was not needed
on the old server.

My question, seeing as my users / permissions / etc on the new machine match
what I have on the old machine, why would I be having this "permission
denied" error. What user would php try to create the file as??

The files, as well as the directories, in question here have the proper
permissions set - at least they match what I have on the old server.

Doing a phpinfo(); on the old server & new server shows identical values for
temp files, etc etc.

What could I be missing here?

Thanks a bunch!

(reply to group only please)
Jul 16 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
BingoHandJob wrote:
Hello group!

I'm having a problem and I hope some of you may be able to point me in the
right direction.

I inherited a web site using php, running on Windows 2000 & IIS. The site
was developed by a consulting firm about a year before I came on board, the
consultant has since gone out of business. Overall, I've never had a
problem with the site and have been able to figure out nearly everything
they configured on it.

The server with the site is getting old, so I'm trying to migrate it to a
new box. I've configured the new box to be identical to the old one - in
terms of partition layout, directory structure, NTFS users / groups & NTFS
permissions, php.ini, etc. I have php installed with IIS & it is working
properly. All aspects of the site work, except for one. We have a feature
that allows users to log in to a file manager & edit existing pages. When I
try to edit one of thes pages, I get an fopen error, complaining that
permission is denied.

To reach this file manager, the users log in twice. They first log in using
a web-based form, which pulls their user details from MySQL. To reach the
file manager itself, they have to enter a username / password using basic
IIS authentication (the pop-up box). The username / password they use to
access the file manager is a local account on the web server.

The user they are logging in as has full NTFS permission on the web root.
When they attempt to edit a file, the php script is supposed to create a
temp "lock" file in the current directory. When the script attempt to
create this temp file, the "permission denied" error is generated.

If I set the Everyone group to have write permission on the web root, the
problem goes away. Obviously, I don't want to do this. This was not needed
on the old server.

My question, seeing as my users / permissions / etc on the new machine match
what I have on the old machine, why would I be having this "permission
denied" error. What user would php try to create the file as??

The files, as well as the directories, in question here have the proper
permissions set - at least they match what I have on the old server.

Doing a phpinfo(); on the old server & new server shows identical values for
temp files, etc etc.

What could I be missing here?

Thanks a bunch!

(reply to group only please)


Could be that IIS is running as a user with insufficient permissions
(who the user logs in to your web page as is irrelevent). Go to the
services control pannel and look for the world wide web servivice item.
select properties and view/change who the web server runs as.

Another remote posibility is that you can "log" the users in without
logging them in. ie. uncheck the box with "Allow anonymous connections"
somewhere in IIS). If you need to make sure they have access, there is
an environement variable now populated (think it is called NTAUTH_LOGIN)
or something which you can use (check phpinfo()). This will be their
windows login name. MAYBE stuff will run under this user's credentials.

Jul 16 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.