Handling Permissions When Moving Sites

Question!

I’m moving about a dozen websites from one server to another. (Side note: 1and1 VPS is NOT actually a virtual server. Hence, I have to move all our sites off of it.)

We have .Net and PHP web sites. I’m manually checking and updating permissions as best I can. However, I wasn’t involved in the development of all of these sites. Since these are two entirely different Windows servers and they don’t belong to the same domain, I have to go through and add write permissions to certain folders for the CMS apps, etc to work (even if they were on the same domain, I might have had to do this anyway).

Is there a quicker or better way?

Thanks!

Well…could have just selected the root folder and added the permission there and let it inherit its way down to all the children. You know the easy way?

You’re kidding, right? You want me to make the entire wwwroot directory writable? Um, no.

Is this a unique user/group that only your web application uses? Is this a shared server? Giving write permissions to your application on the wwwroot folder does not give the internet write access. So no, I’m not kidding unless you can tell me why giving write access to your application is a bad idea? Otherwise, do have fun going the manual route.

Aha! That’s sounds like Linux thinking!

No, no user/group config here. IIS is configured with one anonymous account for all sites and apps under it. The permissions are limited on the root of the web server for general browsing. If, say Concrete5, needs to be able to write to one or two folders, I have to explicitly set write permissions on those folders.

It seems to me like the general consenus online is that you give accounts, any accounts, the minimum permissions needed to get the job done.

If I setup an account specific for one of my C5 installations and gave it read/write permissions for the whole app directory, you think that’d be ok? That isn’t an anwser I would expect.

Its not Linux thinking…least not on my part. For my own servers (mostly Win 2008) and web sites I manage I give each site/app its own user account and group specifically for isolation.

See the below link: (geared towards IIS 7)

It seems to me like the general consenus online is that you give accounts, any accounts, the minimum permissions needed to get the job done.

If I setup an account specific for one of my C5 installations and gave it read/write permissions for the whole app directory, you think that’d be ok? That isn’t an anwser I would expect.

The minimum level of permissions to sensitive areas. However if you use isolation methods by running the sites in unique accounts it becomes almost a non-issue because the scope of unique account is severely limited to what permissions you set.

I see what you’re saying. Thanks for the input!

I wish you had started with your last post and left off the snotty ones! LOL :wink: