IIS 7 - Resolving Permissions Problems for WordPress on IIS7
I am running WordPress on Win2k8/IIS7 (using HttpCache, FastCGI & URLRewriter 2.0) installed via WPI. It seems to be working fine (uploads, posting via Live Writer, comments, plugins, pretty URLs).
I am trying to update WordPress to the latest version, and the error is this:
Download failed. Destination directory for file streaming does not exist or is not writable.
This is the same error when trying to download a theme or update a plugin.
There are no errors in the event log, and WordPress isn't telling me which directory it's looking for, which user it thinks it's using, or which permission is lacking.
I have double (and triple) checked that the IIS app pool user is explicitly set, that the directory has Modify permissions for that user, and that the permissions have been propagated down to the sub folders.
At the advice of Dr. Google, I have added the following settings to the config file:
    /** Absolute path to the WordPress directory. */
    if ( !defined('ABSPATH') )
        define('ABSPATH', dirname(__FILE__) . '/');

    /** Sets up WordPress vars and included files. */
    require_once(ABSPATH . 'wp-settings.php');

    define('WP_TEMP_DIR', ABSPATH . 'wp-content/');
    define('FS_METHOD', 'direct');

Am I missing a config option or setting? Does WordPress require the sacrifice of a small kitten and/or an Algerian degu?
From the PHP manual on IIS7 installation (emphasis mine):
Impersonation and file system access
It is recommended to enable FastCGI impersonation in PHP when using IIS. This is controlled by the fastcgi.impersonate directive in the php.ini file. When impersonation is enabled, PHP will perform file system operations on behalf of the user account that has been determined by IIS authentication. This ensures that even if the same PHP process is shared across different IIS web sites, the PHP scripts in those web sites will not be able to access each other's files as long as different user accounts are used for IIS authentication on each web site.
For example IIS 7, in its default configuration, has anonymous authentication enabled with the built-in user account IUSR used as the default identity. This means that in order for IIS to execute PHP scripts, it is necessary to grant the IUSR account read permission on those scripts. If PHP applications need to perform write operations on files or write files into folders, then the IUSR account should have write permission to those.
As discussed in the "Should I impersonate PHP via FastCGI?" question on Server Fault, there are security concerns if you grant the anonymous user write access rights on the server. For instance, if you have enabled the WebDAV module, one could write to directories using that protocol!
Therefore the recommendations are:
- Ensure sites have their own unique application pool assigned.
- In Advanced Settings under Processing Model for the application pool, set the built-in account to ApplicationPoolIdentity.
- Disable impersonation in php.ini with fastcgi.impersonate = 0, so PHP runs under the application pool identity set in IIS.
- Set read/write permissions on folders using the automatically generated application pool user account (e.g. "IIS AppPool\MyAppPoolName").
This way, PHP scripts are ensured to run under a system account that is tied to the application pool of the site (isolating it from other sites), and cannot accidentally get public access via impersonation.
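
The recommendations above, applied and then checked from an elevated PowerShell prompt. This is an added example, not part of the original answer; the pool name, site path and php.ini path are assumed placeholders, and it assumes the WebAdministration module is available on the server.

```powershell
# Added example. Assumed values: adjust to the real pool, site root and php.ini.
Import-Module WebAdministration

$pool     = 'MyAppPoolName'                    # assumed pool name
$siteRoot = 'C:\inetpub\wwwroot\wordpress'     # assumed WordPress root
$phpIni   = 'C:\PHP\php.ini'                   # assumed php.ini location
$account  = "IIS AppPool\$pool"                # virtual account IIS creates for the pool
$content  = Join-Path $siteRoot 'wp-content'

# 1. Run the pool under its own ApplicationPoolIdentity.
Set-ItemProperty "IIS:\AppPools\$pool" -Name processModel.identityType -Value ApplicationPoolIdentity

# 2. Impersonation must be off so PHP runs as the pool identity, not IUSR.
#    Only the last uncommented setting in php.ini takes effect.
$hit = Select-String -Path $phpIni -Pattern '^\s*fastcgi\.impersonate\s*=\s*(\S+)' |
       Select-Object -Last 1
if ($hit -and $hit.Matches[0].Groups[1].Value -ne '0') {
    Write-Warning "fastcgi.impersonate is '$($hit.Matches[0].Groups[1].Value)' in $phpIni; set it to 0."
}

# 3. Read/execute on the site, Modify only where WordPress has to write.
#    (OI)(CI) makes the entry inherit to files and sub folders.
icacls $siteRoot /grant "${account}:(OI)(CI)RX"
icacls $content  /grant "${account}:(OI)(CI)M"

# 4. Check: the pool account should hold the write access, and the anonymous
#    or broad principals should not.
$write = [System.Security.AccessControl.FileSystemRights]::WriteData
$broad = (Get-Acl $content).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Value -match 'IUSR|IIS_IUSRS|Everyone' -and
    ($_.FileSystemRights -band $write) -ne 0
}
if ($broad) {
    Write-Warning "Write access on $content is also granted to:"
    $broad | Format-Table IdentityReference, FileSystemRights, IsInherited
} else {
    "Only non-anonymous principals can write to $content."
}
(Get-Acl $content).Access | Where-Object { $_.IdentityReference.Value -eq $account }
```

Recycle the application pool after changing php.ini so the FastCGI processes restart with the new setting.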