OK. This is a new blog.
Here is where I attempt to learn
more about IIS. This is Microsoft's
web server.
Here's an article that describes permissions
under IIS 5.0:
IIS PIIS 5.0 Permissions
The key thing this article seems to be saying
is that file system permissions and web server
permissions are separate but overlapping issues
under IIS.
File system permissions are what I'm used to
under Unix. I've never heard of web server
permissions.
Here's Microsoft's documentation on the same
topic:
The Permissions Maze
One important thing I learned from
the Microsoft article is that when
file system permissions and web server
permissions come into conflict, the most
restrictive of the permissions applies.
This make sense. In a sense, it is like
having to unlock two doors to get into a building.
If the building has two locked doors, one
behind the other, you need both keys to get
into the building.
Since the file system and the web server are
distinctly different layers of software, it
makes sense that the more restrictive of
permissions (the locked door) is going to apply
(you won't get into the building).
I started to research this topic because I saw
777 permissions (file system permissions) when
I did an ftp to a web site.
Looks like the system administrators on this
particular site are relying on web server
permissions alone to control access.
A 777 permission on a file system means
permissions are not restricted for anyone.
In other words, 777 permissions on the file
system means one of the two doors has been
totally left open.
There's a certain amount of speculation here
on my part.
As I learn more, I'll write more.
Ed Abbott
