File permission problem

[Richard Muller]

Hi,

I new to ASP. I have a problem with an ASP script opening a file for
writing on my server. Here's how I got to this error:

I downloaded a neat FileUpload ASP example from
http://www.asp101.com/articles/jacob/scriptupload.asp.

I copied to my wwwroot folder on my Win2000AS/SP4 server:
- main .asp file
- a subordinate .asp file that the main file references; and
- a webform .html file

Because of the problem I encountered I added a number of debugging
statements to the script. Then I invoked the webform from a workstation
using IE6.0 by referencing the server's IP address appended with webform
..html file's name.

I completed the form with:
- Name: RLM
- File: F:\_Projects_Current\_Projects_ASP\Test\Upload_test.txt
and clicked Submit. I got the following error:

Microsoft VBScript runtime (0x800A0046)
Permission denied
/upload.asp, line 137

The offending line is:
Set oFile = oFS.CreateTextFile(sPath & FileName, True)

I commented out this line, which then yielded:
Thank you for your upload RLM
Saving to folder D:\UploadedFiles\
Validating existence of folder D:\UploadedFiles\
Saving data to D:\UploadedFiles\Upload_test.txt
File Uploaded: Upload_test.txt
Size: 21 bytes
Type: text/plain

Any ideas on how I can fix this?

--

Regards,
Richard

I can resist everything except temptation
Lord Darlington in "Lady Windermere's Fan" by Oscar Wilde

 

[Ray at]

Assuming you're using anonymous access on your site (the default), you'll
have to give IUSR_<computername> NTFS write permissions to the directory to
which you're trying to save the file, D:\UploadedFiles.

Ray at work

 

[Richard Muller]

Hi Ray,

Many thanks for your response. I was sure you were putting me on the right
track. I just wasn't sure whether I could follow the track Here's what
I did, but still wound up with Permission Denied. Any other suggestions?

Regards,
Richard Muller

Assuming you're using anonymous access on your site (the default)

I verified anonymous access as follows:
In Microsoft Management Console for IIS,

right-clicked the one-and-only entry, the server name, and clicked
Properties

clicked the Directory Security tab

clicked the Edit button in Anonymous access and authentication control group

accepted default: Anonymous access checkbox checked

accepted default: Integrated Windows authentication checkbox checked

IUSR_<computername> NTFS write permissions to the directory to
which you're trying to save the file, D:\UploadedFiles.

I tried to provide write permissions to that folder as follows:

I right-clicked that folder name in Windows Explorer on the server,

clicked Properties which opened the UploadFiles Properties dialog,

clicked Web Sharing tab,

clicked the Share this folder radio button,

accepted the defaults of: Read, Write and Scripts.



Still got Permission denied.



Again opened the UploadedFiles Properties dialog,

clicked Sharing tab,

clicked the Share this folder radio button,

accepted the default sharename UploadedFiles

clicked the Permissions button which opened the Permissions for
UploadedFiles dialog,

clicked Remove on the Everyone class of users,

clicked the Add button (closing the Permissions for UploadedFiles dialog),

double-clicked my workstation's name and OK in the Select Users, Computers
or Groups dialog,

clicked (Allow) Full Control on workstation's name.



Still got Permission denied.



Stopped and restarted IIS

In Microsoft Management Console for IIS.

right-clicked the one-and-only entry, the server name

clicked Stop IIS

After it stops, right-click the server name

clicked Restart IIS



Still got Permission denied.

 

[Ray at]

Undo all the sharing stuff that you did unless you really want to share this
directory on your network.

When you pull up the properties dialog for that folder, you ~should~ have
these tabs:

Windows XP:
General
Sharing
Security
Web Sharing
[Customize]

Windows 2000:
General
Web Sharing
Sharing
Security


Windows NT 4:
I forget.


You want to set the permissions on the SECURITY tab. Add the IUSR to the
list of users with permissions and give that user permissions to write and
modify contents. If you do not have a security tab, your drive is not NTFS.
If that is the case, there's some other issue. AV software maybe?

Ray at work

 

[Richard Muller]

Hi Ray,

On my Windows2000AS/SP4 server,

in D:\UploadedFiles | Properties menu item | Security tab | Add button ==>
Select Users, Computers, or Groups dialog

"MachineName for Workstation 1" said to be in folder "MyDomain"/Computers
with a PC icon

"MachineName for Workstation 2" said to be in folder "MyDomain"/Computers
with a PC icon

"MachineName for Server" said to be in folder "MyDomain"/DomainControllers
with a PC icon

IUSER_"MachineName for Server"

No other IUSER_xxx



I added both workstations and gave the all permissions except Full Control

Got same Permission denied for server file D:\UploadedFiles

BTW, I undid my the shares I had created



Grasping at straws, I made a new website: UploadedMaterial

I opened MMC on Workstation 1

I connected to the server

I right-clicked Default Web Server and clicked New | Virtual Directory

I gave it the alias UploadedMaterial and pointed it to D:\UploadedFiles

I adjusted the .asp to look for the “directory” UploadedMaterial,

which terminated the update process prematurely because of ASP statement

If Not oFS.FolderExists(sPath) Then Exit Sub,

where sPath had the value UploadedMaterial

Suppressing that check led the error Path not found instead of the previous
Permission denied.



Thinking that perhaps my internet connection to IIS might have gotten
wrecked with all the changes I made, I gave IE the address http://MyServer,
which dutifully returned a page that include the line This is
D:\inetpub\wwwroot\default.asp, which is indeed in my default.asp folder in
the indicated directory, which is the directory assigned to my Default Web
Site.



Can you think of any other possible error of omission or commission I might
have made? As you chave no doubt observed, I don’t have much network
administration experience, despite decades of application-developer
experience.



Regards,

Richard Muller

 

[Ray at]

Hi Ray,

On my Windows2000AS/SP4 server,

in D:\UploadedFiles | Properties menu item | Security tab | Add button ==>
Select Users, Computers, or Groups dialog

"MachineName for Workstation 1" said to be in folder "MyDomain"/Computers
with a PC icon

"MachineName for Workstation 2" said to be in folder "MyDomain"/Computers
with a PC icon

"MachineName for Server" said to be in folder "MyDomain"/DomainControllers
with a PC icon

IUSER_"MachineName for Server"

No other IUSER_xxx

Is this a DC? What account is IIS running under (or that directory with
your asp file anyway)?

At least we know the drive is NTFS. Look, just give everyone full control
for a moment or two to determine if it is even a permissions issue. Do it
the simple way by entering this at the command prompt:

cacls D:\UploadedFiles /e /g everyone:f


If that works, remove everyone and then give the same permissions to the
IUSR account that your site is using.

Ray at home

 

[Richard Muller]

Hi Ray,

Is this a DC?

Yes, the Win2000 Advanced Server is a Domain Controller. It's running, as
I recall from the setup I implemented last year, a Windows 2000 network
with no sub-2000 machines allowed on it, e.g. Win98 or WinME.

What account is IIS running under (or that directory with your asp file

anyway)?

I don't know how to determine that. I'll try to figure it out tomorrow
sometime.

At least we know the drive is NTFS.

Absolutely: On the server, on a Win2000 workstation (#1) and on a WinXP/Pro
workstation (#2)

Look, just give everyone full control > for a moment or two to determine

if it is even a permissions issue. Do it the simple way by entering this
at the command prompt: cacls D:\UploadedFiles /e /g everyone:f

Will do tomorrow sometime.

If that works, remove everyone and then give the same permissions to the

IUSR account that your site is using.

OK. I assume you mean the one-and-only IUSR_[ServerName] account that I
mentioned.

Thank you very much for hanging in there with me as I wrestled with this
"alligator." I've definitely learned a lot, for which I'm grateful.

Regards,
Richard

 

[Ray at]

Hi Ray,


Yes

EEGS! ;]

the Win2000 Advanced Server is a Domain Controller. It's running, as
I recall from the setup I implemented last year, a Windows 2000 network
with no sub-2000 machines

Must be nice... I'm still stuck with some 95 machines and plenty of NT
machines.

anyway)?

I don't know how to determine that. I'll try to figure it out tomorrow
sometime.

Right click My Computer
Click Manage
Expand Services and Applications
Expand IIS
Expand your Web site
Right click on your directory with this asp file.
Click Properties
Click on the Directory Security Tab
Click the Edit button in "Anonymous access and authentication control
Click the Edit button in that dialog in the Anonymous access area (the
checkbox should be checked. If not, ignore the rest of this post and go
back and set permissions for domain users on that target directory)
Take note of the value in the Username textbox. It is probably
IUSR_nameOfDC. This would be a domain account.
Cancel or Esc out of everything.

To set the permissions for this target directory, enter this at the command
prompt.
cacls \\nameOfDC\d$\UploadedFiles /e /g
netbiosStyleDomainName\IUSR_nameOfDC:f

Thank you very much for hanging in there with me as I wrestled with this
"alligator." I've definitely learned a lot, for which I'm grateful.

No problem. I'll check back tomorrow.

Ray at home

 

[Richard Muller]

Hi Ray,

Without further ado, let me say SUCCESS!

EEGS! ;]

What's this? I asked Google: Environmental & Engineering Geophysical
Society
didn't seem quite right. Neither did Electroencephalograph.

But I did find :] on http://members.aol.com/bearpage/smileys.htm

Must be nice... I'm still stuck with some 95 machines and plenty of NT
machines.

I'd speculate that you're a network administator for a small company; if it
were a large company, it'd be more up-to-date. At least that's my
experience in decades of consulting in software development.

Thank's for the blow-by-blow description. I got the domain account
painlessly because of it.

To set the permissions for this target directory, enter this at the command
prompt.
cacls \\nameOfDC\d$\UploadedFiles /e /g
netbiosStyleDomainName\IUSR_nameOfDC:f

I puzzled over the code for a while because I didn't realize that part of it
was pseudo-code explaining the other pseudo-code. Happily, the cacls
command with no args presents a help list like a good netizen, so after a
few missteps I reached nirvana.

I long ago took a stab at going through NT Security, but it was dull and I
didn't have a pressing need for it, so I dropped it. This experience has
peeked my interest in it, so I just cracked open my copy of Inside Windows
NT, 1998 edition. Maybe I'll even get an up-to-date copy.

Anyway, thanks for all the help.

Stay in touch,
Richard Muller

 

[Ray at]

Hi Ray,

Without further ado, let me say SUCCESS!
Cool!

EEGS! ;]

What's this? I asked Google: Environmental & Engineering Geophysical
Society
didn't seem quite right. Neither did Electroencephalograph.

But I did find :] on http://members.aol.com/bearpage/smileys.htm

ha! No, "eegs" is another way of saying "Oh my God" or something. A quote
from a character on TV, Tony Dimera. Okay, I confess. I watch Days of Our
Lives.

I'd speculate that you're a network administator for a small company; if it
were a large company, it'd be more up-to-date. At least that's my
experience in decades of consulting in software development.

HA! I'm a programmer at a medium sized company (I guess). $2.7 billion
bank, which is medium sized.

I long ago took a stab at going through NT Security, but it was dull and I
didn't have a pressing need for it, so I dropped it. This experience has
peeked my interest in it, so I just cracked open my copy of Inside Windows
NT, 1998 edition. Maybe I'll even get an up-to-date copy.

Outstanding. Yeah, unfortunately, I don't think any IT career can be
performed in a vacuum. If you program, you have to understand networking,
permissions, domains, and other such things. And if you're a network admin,
you have to at least have a clue about how programming works. I hate when
the network admins say, "Can you write a script to install this
never-heard-of-before software package onto all the computers in the company
from the intranet?

Uh, no. Buy SMS. :]

Ray at home

 

[Richard Muller]

Okay, I confess. I watch Days of Our Lives.
No problem. I'm a West Wing junkie. IMHO, it's got the sharpest dialog
and most realistic scences of any series I've ever seen. The current
season's offering has lost some of the show's luster because a major cast
member and the show's creator are gone.

Yeah, unfortunately, I don't think any IT career can be
performed in a vacuum. If you program, you have to understand networking,
permissions, domains, and other such things.

I agree in general. However, I've almost always worked in large
institutions which had network administrators that prevented app developers
from making any changes to network configuration. That's why I've never
paid much attention to it. But I decided to put up a website on my own
server and eventually open it to the public. Hence the present need for
hands-on networking.

Buy SMS. :]

I'm not ready for mobile communications right now. I want to keep my on
website development with "traditional" access, along with good design to
make it attractive, good content to make it interesting and good security
to make it reliable. That's enough to worry about for one lone programmer
(with the technical support of my son, whose a high-level developer in a
national website, except he's mainly Linux and Unix rather than Windows, and
big packages like BEA rather than low-level development.)

I'm on a roll now, working to hook ASP into SQL Server 2000 right now. I'll
post another plea for help when that turns out to be problematical, but I
don't really anticipate any difficuly.

C'ya,
Richard

 

[Richard Muller]

Hey Ray,

I tried to access a SQL Server 7 database using ADO within ASP. I had
trouble getting it working, so I decided to install SQL Server 2000
Enterprise Edition over version 7, which failed (probably because of all the
security updates, etc. done in the past two years to the Win2000 Adv.
Server SP4 installation.

If you're still in the mood to help this humble programmer and up to speed
on the intricacies on SQL Server installations, please take a look at my
post :
"Recovery from failed SQL2000 update to SQL7 - How?" on the NG
"microsoft.public.sqlserver.setup".

Regards,
Richard