I believe that this is more of an NT permissions thing than an IIS permissions thing.
For those who have no clue about this, permissions in 2k and XP are based on ACLs. The basic options for permissisions are as follows (each category can be allowed, denied, or neither): * Full Control * Modify * Read & Execute * List Folder Contents * Read * Write * Special Permissions (According to the properties dialog in XP Pro) The full list of perms are: * Full control * Traverse Folder / Execute File * List Folder / Read Data * Read Attributes * Read Extended Attributes * Create Files / Write Data * Create Folders / Append Data * Write Attributes * Write Extended Attributes * Delete Subfolders and Files * Delete * Read Permissions * Change Permissions * Take Ownership
Some of the special NT "security objects" are CREATOR OWNER and CREATOR GROUP. These substitute for the *nix USER and GROUP.
"Everyone" is a special group meaning all users.
(I'm adding this to http://meta.wikimedia.org/wiki/NT_permissions_overview) On 6/10/05, Rowan Collins rowan.collins@gmail.com wrote:
On 10/06/05, Arthur Guy arthur@astarsolutions.co.uk wrote:
I have got Media Wiki installed and working on an IIS server, today I decided to take a look at the file permissions for the instillation and I found that the everyone group had full permission, I removed this and added IIS User giving it read permission; unfortunately the site now doesn't work when you try and edit a page and error is returned.
Try giving the IIS user Full Control and everyone Read and List.
What error?
Well, I have no knowledge of IIS and suchlike, so I may not be much help, but:
- is there such a thing as an "execute" permission, like there would be on *nix?
Kinda, but I am unsure of how exactly it difers from just Read.
- the page editting shouldn't cause anything to be written to the file
system, only to the MySQL database; the only directory that needs to be writable is the "images" one, IIRC (some versions try to compile the skin template on first run and save that somewhere, but I forget where and recent versions don't bother with this).
I'm assuming that the MySQL server runs as a different user from IIS.
The PHPTAL skin compilation is only done in v1.3. It compiles to some odd temporary directory. I think this would happen on first view.
- the other way editting would be different from viewing is caches of
various sorts - are you sure the wiki can actually output fresh content if you by-pass your browser cache etc?
Especially if you are using an SHM (like Turck or eAccelerator). Otherwise, I think caching is done through MySQL.
In fact, perhaps the most helpful thing (which people so rarely think to do) would be to say exactly *what* error is returned, in case someone on the list knows what it means, or can deduce.
Yes! What's the error? It's akin to telling your mechanic, "My car doesn't work. How do I fix it?"