Menu
While debugging a particularly troublesome error involving SQLite and IIS, we encountered a permissions problem when accessing the App_Data properties
The permissions on App_Data are incorrectly ordered, which may cause some entries to be ineffective.
Here's a screenshot as well:
My question isn't what incorrect ordering is, I think How do you programmatically fix a non-canonical ACL? already gives a good intro into the problem.
What I want to know is what types of ordering are incorrect? For example, if we put Full Control for Everyone, should that precede or follow some other permission? Are there any examples of incorrect ordering that trigger the error? We clicked Reorder so we no longer can reproduce the error on our machine.
557
Right-click the file or folder, and then click Properties. Click the Security tab. Under Group or user names, click your name to see the permissions you have. Click Edit, click your name, select the check boxes for the permissions that you must have, and then click OK.
Run the following command to reset permissions for a file: icacls "full path to your file" /reset . To reset permissions for a folder: icacls "full path to the folder" /reset . To reset permissions for a folder, its files, and subfolders, run the command icacls "full path to the folder" /reset /t /c /l .
Right-click on a folder, then choose Properties. Go to Security tab. Click Edit under Groups or user names section. Highlight the user you want to remove, and click Remove.
For us, it was the Cygwin that created files which were showing these problems This thread explains it and possible remedies. cygwin sets file permission to 000
Also, something I wasn't seeing in other threads, our ACL had "NULL SID" in it: see the picture
139
HP has a simple solution:
https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c00810470
The TL;DR:
Assuming that you have lots of files/folders to fix (like I did) go to the folder above the ones you need to fix. Right-click and choose Properties on that folder, click on the Security tab. Then click the Advanced button at the bottom of the security tab.
HP doesn't tell you this but I had to in the Advanced window take ownership of the folder. The second line of the Advanced dialog lists the Owner of the folder and has a Change... link beside it. Click that link and find the user that you want to own the folder. Click the checkbox to apply this change to all children. You will then be prompted to close all properties dialogs because you have changed ownership.
Back to our regularly scheduled programming:
Go back to the Security tab of the Properties dialog and into the Advanced dialog. Now you can change permissions. I deleted a whole host of "DENY" permissions that had crept in because of (I think) writing the files on a Win 10 Pro computer and accessing them on a Win 10 Home computer with a different user. Again check the option to apply the changes to all children and click OK on all dialogs. Windows will go through your files one at a time resetting permissions.
41
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
