Upgrade issues and permission IIS 8, WordPress, PHP

  • I have a Windows 2012 R2 server setup to host wordpress sites. I have php configured with openbasedir and each wordpress site runs in its own apppool.
    The application pool identity is granted full control over the wordpress folder but upgrades fail unless IUSR is granted write access to the wordpress directory.

    This seems wrong as the IUSR is used for anonymous access. It seems that it would be a security hole to leave IUSR with write permissions. Adding the permission and removing it is not an option as this server will be used to host at least dozens of sites.

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)

  • I don’t mean to sound pessimistic but unless there is a very specific reason you need to run IIS you will save yourself a ton of headaches just by setting up a Linux box. I am a SysAdmin and love Windows Server products but IMO, IIS is not the best choice for WordPress and it is difficult to find answers to support questions.

    Thread Starter cmbaker82

    (@cmbaker82)

    Yes, I have other servers with wordpress running on linux. That doesn’t really help with fixing the problem at hand though.

    Thread Starter cmbaker82

    (@cmbaker82)

    So the default permissions for a wordpress install on linux which allows the upgrade to work are as follows:
    wordpress is in the html directory
    /var/www/html 755
    /var/www/html/* 644
    /var/www/html/<otherdirs> 755
    This works and allows wordpress to upgrade just fine
    all files and directories have apache as the owner and apache as the group.
    The permissions indicate that on directories the owner has read write execute and on files read and write.
    Other has read execute on directories and read on files

    The equivalent ntfs permissions should be that the applicationpool identity would have full control on everything, and anonymous would have only read permissions
    This however does not work.

    Thread Starter cmbaker82

    (@cmbaker82)

    I am thinking that it may be a difference in how apache handles anonymous versus how IIS does.

    By default in IIS uses the IUSR account for anonymous access and not the application pool identity.

    I’m guessing on linux apache runs as the apache user even for anonymous logins, which would be equivalent of changing IIS anonymous user to run as the application pool identity.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Upgrade issues and permission IIS 8, WordPress, PHP’ is closed to new replies.