I'm having a problem with a PHP website running on IIS 7 on Windows Server 2008.
There is one line of code calling mkdir which is erroring and the error log reads:
"... permission denied ..."
I have ruled out anything to do with folder permissions (I have tried multiple groups: Everyone, Users, IUSR, Network Service etc. with no luck).
I need to know how mkdir works, does it check the read-only attribute of the parent folder?
If so, then this could be the root of the problem as all folders in Windows Server 2008 are marked as "Read Only" and the checkbox is greyed-out - Microsoft say it is "by design" but I think it is really "bad design".
Please help.
P.S. The line of code which errors can be found here https://github.com/LimeSurvey/LimeSurvey/blob/070d255ba381d7abcd231d7c9e0c7d11f5578c97/admin/templates.php#L1182 it is line 1182.
SOLUTION:
echo
to output the $target
valueLESSONS LEARNT:
Bounty awarded to @BOMEz because of the useful quote from mkdir()
documentation which indicated that I should double-think the permissions. @BOMEz also provided a tailored answer and interacted with me via comments which helped.
As a test (preferably in a development environment) give the IIS user full access to the parent folder. If this makes it work, slowly start taking away privileges to see which ones you need.
Try changing:
if(mkdir($target,0777))
to:
if(mkdir($target))
Windows ignores the mode option. Might be some weird bug causing it to fail.
Additionally for your $target variable could you try forcing it to link to the full Windows path? Such as C:\Program Files\ IIS\...
I've ran into situations with windows before where access was denied attempting to use a relative path, but the full path works just fine.
EDIT: Looking at the comments on the documentation for mkdir() one commenter mentions that you might also need to add execute permissions to the user:
If you're getting a Permission Denied error, but are certain the permissions and ownership where you are trying to create the directory are correct, check again:
The location where you are trying to create the directory in must have the Execute permission for the owner trying to create it, regardless of if the folder is Readable, or Writable.
This may be obvious to some, but was not to me at first. Hopefully this will save you the trouble I went through.
Since you didn't mention a control panel of any sort I'm going to assume you have access to the server either physical or remote desktop. I'm also going to assume you checked your php.ini settings.
That being said, there is a work around for some of these permission problems.
You will need to create an administrator account (and add it to the administrators group) for this site to use or simply use your administrator credentials.
This is a bit of a sledge hammer fix since it will grant full unrestricted access to the file system from your scripts.
If you created a new user and you want to maintain some level of script security then you can try pulling the user out of the administrators group and then giving it full permissions on only that site with the following:
If asked, select that you want to apply to all directories and files.
~
If your still having issues then there is a good chance your php setup is configured incorrectly or corrupt. (Safe mode turned on maybe?)
Following is the explanation of permissions.
Read
ls
or dir
Write
Execute
cd
into that directory without this permission.--
So, now that makes it clear the answer to your problem (as you guessed correctly), for making new directory or writing new files into the directory you need write permission on that directory. So for making folders into say C:/your_folder/
you need, write
and execute
permissions on that folder. (Yes you need execute too, as apparently for mkdir
you need to go inside the folder first.)
One of the issues that we run into quite often is that files have been moved from any location to the websites location, maintaining the original permissions instead of inheriting the permission needed by the application pool user of the pool that's beeing used by the website.
So one good thing to try would be to right click your document root folder, go to properties and then the security tab. Press the advanced button, check the checkbox a "Replace permission entries on all child objects with entries shown here that apply to child objects". That way you can atleast be sure all your permissions are set on all subfolders and files.
We nerver had any problems with the read only attribute, even though this is checked for all our folders. (grayed out/checked). So i doubt that is your problemen.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With