如何允许IIS APPPOOL \默认应用写入到C:\的Inetpub \ wwwroot的挂载点

问题描述 投票:0回答:1

我创建它采用了微软/ ASPNET的新的Windows泊坞窗撰写:4.6.2图像。我使用了针对c卷:\的Inetpub \ wwwroot文件被映射为C:在主机服务器上\网站\默认。

正在运行的ASP.Net文件成功地检索创造/写文件的文件,但文件。我得到以下异常:System.IO.IOException: 'Trying to write to forbidden path: C:\inetpub\WWWRoot\agenda.css.'

我试过如下:

  • 设置完全进入大家C:在主机服务器上\网站\默认
  • 添加使用ICACLS的所有权利(见下文dockerfile)。这里是输出(Get-acl c:\inetpub\wwwroot\).AccessFileSystemRights : FullControl AccessControlType : Allow IdentityReference : Everyone IsInherited : False InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : None FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : BUILTIN\IIS_IUSRS IsInherited : False InheritanceFlags : None PropagationFlags : None FileSystemRights : -1610612736 AccessControlType : Allow IdentityReference : BUILTIN\IIS_IUSRS IsInherited : False InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : InheritOnly FileSystemRights : FullControl AccessControlType : Allow IdentityReference : IIS APPPOOL\DefaultAppPool IsInherited : False InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : None FileSystemRights : FullControl AccessControlType : Allow IdentityReference : NT SERVICE\TrustedInstaller IsInherited : True InheritanceFlags : None PropagationFlags : None FileSystemRights : 268435456 AccessControlType : Allow IdentityReference : NT SERVICE\TrustedInstaller IsInherited : True InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : InheritOnly FileSystemRights : FullControl AccessControlType : Allow IdentityReference : NT AUTHORITY\SYSTEM IsInherited : True InheritanceFlags : None PropagationFlags : None FileSystemRights : 268435456 AccessControlType : Allow IdentityReference : NT AUTHORITY\SYSTEM IsInherited : True InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : InheritOnly FileSystemRights : FullControl AccessControlType : Allow IdentityReference : BUILTIN\Administrators IsInherited : True InheritanceFlags : None PropagationFlags : None FileSystemRights : 268435456 AccessControlType : Allow IdentityReference : BUILTIN\Administrators IsInherited : True InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : InheritOnly FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : BUILTIN\Users IsInherited : True InheritanceFlags : None PropagationFlags : None FileSystemRights : -1610612736 AccessControlType : Allow IdentityReference : BUILTIN\Users IsInherited : True InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : InheritOnly FileSystemRights : 268435456 AccessControlType : Allow IdentityReference : CREATOR OWNER IsInherited : True InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : InheritOnly
  • 我用procmon中的主机服务器上,无法看到试图写文件时的任何条目

Docker files

泊坞窗 - 撰写:

services:
  core:
    image: core
    build:
      context: .
      dockerfile: ./core/dockerfile
    volumes:
      - C:/site/Default/:c:/inetpub/wwwroot:rw
    ports:
      - "8000:80"
      - "4020-4024:4020-4024"
    environment:
      DatabaseType: SqlServer
      ConnectionString: Server=sqldata;User ID=sa;Password=pAssword123;Database=Default;MultipleActiveResultSets=True
    depends_on:
      - sqldata

  sqldata:
    ...

dockerfile:

FROM microsoft/aspnet:4.6.2

# Also tried the bellow command with /l
RUN icacls --% "C:\inetpub\wwwroot" /grant Everyone:(OI)(CI)F /t
asp.net windows docker symlink docker-volume
1个回答
0
投票

对于一些原因IUSR有权在容器中的文件夹的任意位置书写除了C:\inetpub\wwwroot(映射与否)。 IIS从编写到这个特定的路径阻止。

我结束了创建从dockerfile使用另一个物理路径,一切都会按目前预计的应用程序:

FROM microsoft/aspnet:4.6.2

RUN C:\Windows\system32\inetsrv\appcmd.exe set app \"Default Web Site/\" /physicalPath:C:\SomeOtherMountPoint
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.