I'm creating an installer for an ASP.NET MVC web app using Wix, and I need to set a write permissions for the IIS_WPG on a particular folder in the site. I found an example (I think, still haven't got it working) of how to do this with cacls.exe:
<CustomAction Id="PermissionAppData" Directory="TARGETDIR"
ExeCommand=""[SystemFolder]cacls.exe"
"[INSTALLDIR]\Content\uploads"
/T /E /G IIS_WPG:M" Return="check" />
However, I've heard that PermissionEx
is better as it modifies ACLs instead of overwriting, (although the /E modifier here claims to do the same?) so I'd prefer to use that if possible. The only examples I can find for PermissionEx
set permissions on the install dir and all subfolders - I don't want to do that.
How do I use PermissionEx
to modify the permissions on a single folder within my install folder?
Ok, here's what I've got so far - based on Yan's answer below and a bunch of other examples online
My folder structure....
<Fragment>
<!-- Will default to C:\ if that is the main disk-->
<Property Id="ROOTDRIVE"><![CDATA[C:\]]></Property>
<Directory Id="TARGETDIR" Name="SourceDir">
<!-- Will reference to C:\inetpub-->
<Directory Id="INETPUB" Name="Inetpub">
<!-- Will reference to c:\Inetpub\wwwroot-->
<Directory Id="WWWROOT" Name="wwwroot">
<!-- Will reference to c:\Inetpub\wwwroot\Demowebsite-->
<Directory Id="INSTALLFOLDER" Name="DemoWebsite">
<Directory Id="CONTENT" Name="Content">
<Directory Id="UPLOAD" Name="upload">
</Directory>
</Directory>
</Directory>
</Directory>
</Directory>
</Directory>
</Fragment>
Yan's suggestion
<Fragment>
<DirectoryRef Id="UPLOAD">
<Component Id="SetFolderPermissions" Guid="*">
<CreateFolder>
<util:PermissionEx GenericRead="yes" GenericExecute="yes" User="[SC_IUSR_USERNAME]" Domain="[SC_IUSR_DOMAIN]"/>
<util:PermissionEx GenericRead="yes" GenericExecute="yes" GenericWrite="yes" Delete="yes" User="[SC_ASPNET_USERNAME]" Domain="[SC_ASPNET_DOMAIN]"/>
</CreateFolder>
</Component>
</DirectoryRef>
</Fragment>
This seems to do nothing. Permissions are not set for the IIS_IUSRS account. I've also tried this solution from trycatchfail
<Product>
<!-- rest of product code removed for brevity -->
<Property Id="WEBUSER" Value="Byah" />
<Property Id="WEBDOMAIN" Value="Byah" />
<CustomAction Id="SetWebuserIIS7" Return="check" Property="WEBUSER" Value="IIS_IUSRS" />
<CustomAction Id="SetWebuserIIS6" Return="check" Property="WEBUSER" Value="IUSR_[ComputerName]" />
<CustomAction Id="SetDomainIIS7" Return="check" Property="WEBDOMAIN" Value="" />
<CustomAction Id="SetDomainIIS6" Return="check" Property="WEBDOMAIN" Value="[ComputerName]" />
</Product>
<Fragment>
<DirectoryRef Id="UPLOAD">
<Component Id="SetFolderPermissions" Guid="*">
<CreateFolder>
<util:PermissionEx User="NetworkService" GenericAll="yes" />
<util:PermissionEx User="Administrators" GenericAll="yes" />
<util:PermissionEx User="Users" GenericRead="yes" GenericExecute="yes" />
<util:PermissionEx User="[WEBUSER]" Domain="[WEBDOMAIN]" GenericAll="yes" />
</CreateFolder>
</Component>
</DirectoryRef>
</Fragment>
Here is a plain sample:
<DirectoryRef Id="WebsiteFolder">
<Component DiskId="1" Id="DummyComponentForPermissionsWebsite" Guid="{GUID-GOES-HERE}">
<CreateFolder>
<util:PermissionEx GenericRead="yes" GenericExecute="yes" User="[SC_IUSR_USERNAME]" Domain="[SC_IUSR_DOMAIN]"/>
<util:PermissionEx GenericRead="yes" GenericExecute="yes" GenericWrite="yes" Delete="yes" User="[SC_ASPNET_USERNAME]" Domain="[SC_ASPNET_DOMAIN]"/>
</CreateFolder>
</Component>
</DirectoryRef>
And here's a quick explanation:
<Directory>
with Id="WebsiteFolder"
defined somewhere<CreateFolder>
element is required because there's no other elements in this component. You can easily add <util:PermissionEx>
elements to other components, which contain files, registry values, etc.xmlns:util="http://schemas.microsoft.com/wix/UtilExtension"
namespace referencedWixUtilExtension
during compilationIf you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With