
I'm moving a PHP app from IIS7 to IIS8.5 on Win2012 R2. The app runs in its own application pool (MyPortal) and needs write permission on a sub-folder to create PDFs. So I assign Modify or Full Control permissions to IIS AppPool\MyPortal on the local machine, however the app is still unable to write to the folder. The only way I have found to allow it to do so is by giving Modify access to the local USERS group, which I'd rather not do (although I have no choice ATM).

The php-cgi.exe process is running under the MyPortal identity, but somehow isn't picking up the permissions I have assigned to the MyPortal user on the folder. The PHP process is doing a simple fopen command $file = fopen($tmp_filename,"w");.

I saw this similar post https://serverfault.com/questions/570033/iis-iusrs-and-defaultapppool-permissions-do-not-work which suggested it may be a permissions caching issue, solved by a reboot, but that's not worked in this instance.

Any suggestions as to what's wrong?

MrAngry
  • How is your IIS website anonymous authentication set up? And your application pool authentication? Best is to debug using Sysinternals' Process Monitor and/or Process Explorer: https://technet.microsoft.com/en-us/sysinternals/bb545021.aspx , look for file I/O operations and access denied errors. – Jan Reilink Sep 26 '16 at 12:30

1 Answer


You've got it @Jan Reilink. Anonymous Authentication needed setting to 'Application identity pool'. I had assumed that because the PHP process was running as MyPortal it was using the same permissions.

MrAngry
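The fix from the answer, scripted with the WebAdministration module, as an added example that is not part of the original thread. By default IIS runs anonymous requests as IUSR, so the script checks that setting, switches it to the application pool identity, and grants Modify on the output folder to the pool identity only. The site name and folder path are assumptions; only the pool name MyPortal comes from the question.

```powershell
# Added example. Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$site    = 'MyPortal'                   # assumed IIS site name
$appPool = 'MyPortal'                   # application pool name from the question
$folder  = 'C:\inetpub\MyPortal\pdf'    # placeholder path of the PDF output folder
$filter  = 'system.webServer/security/authentication/anonymousAuthentication'

# 1. Which account do anonymous requests run as?
#    An empty userName means "Application pool identity"; the IIS default is IUSR.
$prop    = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $site -Filter $filter -Name userName
$current = if ($prop -is [string]) { $prop } else { $prop.Value }
if ([string]::IsNullOrEmpty($current)) {
    Write-Output 'Anonymous authentication already uses the application pool identity.'
} else {
    Write-Output "Anonymous authentication currently runs as '$current'; switching to the pool identity."
    # 2. Clearing userName makes IIS use the application pool identity for anonymous requests.
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $site -Filter $filter -Name userName -Value ''
}

# 3. Grant Modify on the output folder to the pool identity only.
$acl  = Get-Acl -Path $folder
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    "IIS AppPool\$appPool", 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

# 4. Review the result: list the pool identity entry and any broad Users entry
#    that was added as a workaround and can now be removed by hand.
(Get-Acl -Path $folder).Access |
    Where-Object { $_.IdentityReference -like 'IIS AppPool\*' -or $_.IdentityReference -like '*\Users' } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize
```

If the Users entry in step 4 shows IsInherited as True, it comes from a parent folder and has to be changed there rather than on this folder.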