IIS Security & Permissions

  • thomcooper

    (@thomcooper)


    10 years, 8 months ago

    OK,

    I’ve tried to solve this query several times before, but never really got anywhere. I’m in the process of swapping over to a Win 2012 IIS 8 server & the question has popped up again & I’d love to resolve it, so here goes:

    Unless I give IUSR write permission to the content & includes folders, then I cannot upload stuff or install plugins, ditto the entire site directory in wwwroot when I come to upgrading the site.

    I usually end up just giving iusr write access to the entire site as it saves any problems for customers who are trying to administer their sites.

    I run regular backups (once per day) so have some disaster recovery in place, but I’ve never worked out whether or not this is 100% secure. I don’t want a client to have to ring up each time they want to upgrade their site, but similarly I wanted to check that this is the correct way to go about doing things?

Viewing 3 replies - 1 through 3 (of 3 total)
  • symbolscape

    (@symbolscape)

    10 years, 1 month ago

    Hi Tom, did you ever gather any more information on this issue?

    Thread Starter thomcooper

    (@thomcooper)

    10 years, 1 month ago

    No, although from what I understand it is only a security hole if someone wishing to be malicious knows a WP username & password.

    msalz

    (@msalz)

    9 years, 11 months ago

    Hi Tom,
    I have been looking for a clear answer to your exact question. Thank you for posting it. Do you have any further information on the consequences of providing write access to IUSR?
    Thanks,
    Mike

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘IIS Security & Permissions’ is closed to new replies.