40

I need a PHP script to have writing permission in a directory. PHP 5.3 is running as FastCGI under IIS 7 with windows server 2008 as OP. On my php error logs, I got "permission denied" when the script attempts to write a file.

How can I sort this out? I tried to give all right to IIS_IUSR and to IUSR_myservername (with a right click on my folder) but it didn't work.

Any help would be very appreciate,

Regards,

Julien

JuCachalot
  • 1,010
  • 4
  • 15
  • 27

3 Answers3

76

I have the same setup and I have to give write permission to:

  • IUSR
  • IIS AppPool\<<AppPoolName>>
Kevin Robatel
  • 8,025
  • 3
  • 44
  • 57
tomfumb
  • 3,669
  • 3
  • 34
  • 50
36

Actually, it's a little bit more complicated.

The first thing to do is to create a simple PHP file on the concerned website. (It's important to create the file on the concerned website because each website can have a different setting.) The content of this file should be:

<?php var_dump(ini_get('fastcgi.impersonate')); ?>

Navigate to this file using a browser.

** Case 1 **

If your browser shows :

string(1) "1"

Then, you need to execute the following command (you need to replace "Default Web Site" by the name you gave to your website in IIS) :

%windir%\system32\inetsrv\appcmd.exe list config "Default Web Site" ^
/section:anonymousAuthentication

You will receive an answer which looks like this :

<system.webServer>
  <security>
    <authentication>
      <anonymousAuthentication enabled="true" userName="IUSR" />
    </authentication>
   </security>
</system.webServer>

The information you are looking for is the value of the username attribute of the anonymousAutthentification tag.

  • If this value is not empty, its content is the name of the user you need to give write permissions to.
  • If this value is empty or if the attribute is simply missing, you need to give write permissions to IIS AppPool\AppPoolName (replace "AppPoolName" with the name of your website's application pool).

** Case 2 **

If your browser shows :

string(1) "0"

You need to give write permissions to IIS AppPool\AppPoolName (replace "AppPoolName" with the name of your website's application pool).

Tristan CHARBONNIER
  • 1,119
  • 16
  • 12
  • Thank you so much for the detail. I'm always a bit antsy when an answer is just "x" without saying how to find out, or why it's "x" – Stephen R Feb 09 '17 at 16:51
  • Where to execute the command? In cmd or in some specific shell? – Lahar Shah Feb 23 '17 at 18:14
  • @tristan Charbonnier Sorry to bump an old thread but do you know how to do the app pool permissions for AD and network drives? – Craig B Feb 26 '17 at 22:55
  • 1
    This needs more upvotes! ...after 4 days of search related to "Missing a temporary folder." issue in WordPress, I finally understood that its the IIS AppPool that needs permission on the PHP upload_tmp_dir folder not on WP_TEMP_DIR. thanks mate! – Sanjeev Aug 07 '20 at 14:11
  • To get the appPoolName click on the site in IIS and then click on Basic Settings in the right pane – Schwarz Software Jun 06 '23 at 13:03
9

You need to give PHP writing permission, not IIS. This means the user account that PHP is running on needs permission (probably the same one IIS is running on).

Andrea
  • 19,134
  • 4
  • 43
  • 65