security on 2 databases - 1 inside web folder, 1outside - why diff
From: Jonathan (Jonathan_at_discussions.microsoft.com)
Date: Thu, 2 Jun 2005 06:12:03 -0700
Still learning a lot about security but this one issue has been driving me
nuts. I have a database on our web server that located in a folder under the
wwwroot directory (ie its part of the website). I have another one that is
located outside of the web direcectory in a seperate folder.
I have a scripts that run that update either database. Now the NTFS
security on the the database located in the web folders requires the IUSR_*
account to have the read, write, execute, etc. access so that the scripts can
update the database correctly.
Yet the NTFS security on the database that is located outside of the web
site doesn't need any of that security and it works fine.
Example: C:\inetput\wwwroot\fpdb\data1.mdb has to have access set for IUSR_*
then C:\databases\data2.mdb doesn't.
data2.mdb only has Admin, System and Users (where users only has NT
authenticated users in it)
Yet if I make the security on data1.mdb an exact mirror of the security on
data2.mdb then none of the ASP scripts will work on data1.mdb.
So my question is why? Why does one need to have the IUSR_* account to be
able to update but the other doesn't? I can make everything identicial (both
the NFTS file and folder permissions and the settings through IIS 6.0) but it
My only guess is that its because one is inside the website and the other is
not - but wanted to know if this is true and why. Any info would be great -
its nothing ciritcal - I just hate not understanding this behavoir and have
no idea how to even begin searching for an answer to this.