| svend aage madsen 2007-11-30, 1:23 pm |
|
"Brain Steward" <junk@junk.com> skrev i en meddelelse
news:Oic0QuV$HHA.4460@TK2MSFTNGP02.phx.gbl...
>I have IIS 6.0 Win 2003. Most directories in the web use MS default
>permissions for IIS 6.0 , the relevant ones of which are USERS (Read &
>Excecute, List Folder.., and Read) and the Internet Guest Account server
>which has no "allows" and a "Deny Write".
>
> My question is: the deny write does not seem to do anything at all. I
> have a directory where an ASP script (not ASP.net, just classic ASP)
> writes a text file. On this directory I have anbled "WRITE" for Users.
> The intenet Guest Account is unchanged and inherits "Deny Write". In the
> IIS console for this directory "Write" is NOT ticked and anonymous access
> is enabled for the entire web site. The issue is that even though I put
> "deny write" on the internet guest account (which I'm doing as a test of
> my security) it does NOT stop the ASP script from writing to this
> directory.
>
> Why is this? I would have though that if you access the ASP script as an
> anonymous user and this ASP script writes to a second directory which has
> "Deny Write" for the Internet Guest Account this should prevent the ASP
> script from writing. But it doesn't.
>
> The IIS configuration is the default --- eg the application pool runs
> under the network identity (ie the default).
>
> Of course I can prevent writing to the directory if I remove write
> permissions from USERS. But I don't understand why the Internet guest
> account can write even when write permissions are explicitly denied and
> seconly why the Internet Guest Account seems to end up being treated as a
> "USER" even though it is not a member of the User group.
>
> Can anybody explain this behaviour?
>
|