I'm running PHP 5.3.13 on IIS 7. At the end of my script I need to unlink() expired files which are on a NAS that is a member of the AD Domain. As you can guess by the title, this is failing for permissions restrictions.
I need to know the credentials I am using as the webserver so I can adjust the permissions on the NAS accordingly. Is there a script equivalent to phpinfo() that would output to my log the security principals of the process running my script?
Also, I learned that the view of the filesystem from PHP, under IIS 7 at least, is not the same as the filesystem as viewed from a command prompt. There are executables that are visible from the command prompt that are not visible from a PHP script and vice versa. Does anybody have an explanation for this? For instance, I wanted to run WBAdmin from a PHP script only to find that it is not visible to PHP!!!
Thanks for the help,
06-10-2013, 03:04 PM
I'm not real up on IIS, but with Apache the typical installation has PHP scripts being run by the web server user (typically either "nobody" or "apache", but could in theory be any desired name). So you may need to check with your sysadmin or see if any IIS gurus can help you with a way to determine who the web server user is in an IIS web environment.
06-10-2013, 03:37 PM
So, then, you don't know... So, was there supposed to be some value in your response that I missed?
06-10-2013, 03:55 PM
Well, I was trying to confirm/explain that a php script run via the web server is likely going to be run via a different user than it is if you log in and run it from the command line, so you need to determine who that user is. Unfortunately, I am not an IIS user, so that's as specific as I can get. I thought maybe a partial answer would be better than no answer and help you confirm what you need to find out. Next time I'll be silent and just let the question go totally unanswered if I don't have a 100% solution for you.
06-10-2013, 03:58 PM
Have you tried writing a quick script that creates a file, running it through IIS, and then checking who the "owner" is?
06-10-2013, 04:05 PM
Very interesting suggestion! No, I have not tried that. Let's suppose I do that and I also get a permission restriction. In this case I will have learned nothing. Surely there is a PHP function to return the security principals of a process. Does nobody know of any such call?
Thanks for the help,
06-10-2013, 04:53 PM
If you change permissions on the folder you plan to write to so that it is world writable...you wouldn't have any issues with being able to write the file. It isn't in the domain of PHP to have a built-in function to manipulate filesystem security (that is usually the domain of the OS).
If I had to make a guess (assuming you just kept clicking next with all the defaults during install) I would bet your script runs as IUSR_MACHINE.
Well, I feel like a complete prat. The permissions restriction is the result of the directory not being empty... D'Oh! And, worse, I even knew that at some point in the past, because I can see comments telling me that 'system("DEL /S ...")' does not work. So at some point I realized that the problem was a non-empty directory and I tried the expected systemic solutions and I was apparently interrupted for something else. I have quickly coded a recursive delete, which works brilliantly.