Re: IIS 6 Logfiles inherit permissions attribute
From: Bernard (qbernard_at_hotmail.com.discuss)
Date: Mon, 16 May 2005 17:13:35 +0800
And I assume this will be the same for 7 as well ?
-- Regards, Bernard Cheah http://www.microsoft.com/iis/ http://www.iiswebcastseries.com/ http://www.msmvps.com/bernard/ "David Wang [Msft]" <email@example.com> wrote in message news:OJbfl1gVFHA.2796@TK2MSFTNGP09.phx.gbl... > It is by design. > > HTTP.SYS will set its own ACLs when it creates the log file and directory. > > If the logfile's directory is already there, then HTTP.SYS will use the > existing ACLs. > > We did know about this before release, and the current behavior is a > compromise (it used to be HTTP.SYS sets its own ACLs, period). > > -- > //David > IIS > http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no > rights. > // > "Bernard" <firstname.lastname@example.org> wrote in message > news:ufUFu$dVFHA.2960@TK2MSFTNGP15.phx.gbl... > Not sure if this is by design. but those log paths created by IIS will NOT > inherit the permissions from parent directory. I know, it's really > troublesome to manually set it, but that's the only way to change it. You > can try tools like xcacls.exe to set it. > > -- > Regards, > Bernard Cheah > http://www.microsoft.com/iis/ > http://www.iiswebcastseries.com/ > http://www.msmvps.com/bernard/ > > > "Ducks" <Ducks@discussions.microsoft.com> wrote in message > news:0CCE2907-E4DA-4B5B-A4C0-ED5AE95BEEF5@microsoft.com... >> We are scripting the move of the IIS logfiles and setting the appropriate >> permissions at the root directory for the IIS logfiles. >> d:\data\iis\logfiles. >> The issue occurs when IIS creates the W3SVC dirctory and log file, the >> permissions we set at d:\data\iis\logfiles directory with the inherrit >> permissions enabled do not carry down to the directory W3SVC that IIS >> creates >> when the site is hit for the first time. The same behavior holds true if >> we >> leave the extended logging pointed to the default logging directory when >> IIS >> installed. Only permissions that are set at "W3SVC, which IIS creates" >> are >> the "default permissions" for IIS for this directory which are >> Administrator >> and the System accounts. If a file is manually created at this location >> the >> new folder carries the inherrit permissions attribute flag as expected. >> >> "Jeff Cochran" wrote: >> >>> On Mon, 9 May 2005 14:28:04 -0700, "ThomsonWest" >>> <ThomsonWest@discussions.microsoft.com> wrote: >>> >>> >During our build process and IIS 6 install we move the IIS log files to >>> >a >>> >non-OS partition local to the server and set the NTFS permissions to >>> >allow a >>> >specific user group read access to the IIS logfiles directory. Once a >>> >user >>> >hits the website IIS creates a directory W3svcX for each site. In doing >>> >so >>> >the inherit permissions attribute does not carry down from the parent >>> >directory to the IIS logfiles directory (W3SVC?) as it did in IIS 5. >>> >>> That's a Windows thing. Make sure the appropriate accounts in your >>> group have the appropriate rights. Check a Windows admin group for >>> help and further detals. >>> >>> >Any suggestions short of pre-creating each "W3svcX" directory that will >>> >allow IIS to create the log file directory and log file so the NTFS >>> >permissions we set in our install process also carry down to the >>> >directories >>> >IIS creates? Manually creating a directory at the parent will have the >>> >inherit permissions checked in the same directory without any issues. >>> >>> Again, not an IIS issue but rather a Windows administration issue. >>> You could script the directory creation before the logfiles are >>> written of course, along with scripting correct permissions. >>> >>> Jeff >>> > > >