Symptom:
- You have an ASP.net based site which requires MODIFY permissions for the IWPD user
- Some feature stopped working on your site, and the Support team corrected the issue, indicating that "permissions for the IWPD user needed to be reapplied".
Information:
Background:
-
Each site has multiple unique users associated with it:
- FTP user
- An IUSR user, used for accessing/executing your site's HTML, PHP, and ASP based files.
- An IWPD user, used for accessing/executing your site's ASP.net based files.
- MODIFY permissions for the IWPD user can be removed due to a design flaw in Plesk. Around version 8.x of Plesk, Plesk began tracking permissions settings on each domain's directory structure, so that it could reapply them if/as necessary. Unfortunately, Plesk doesn't allow us to set the necessary permissions with the IWPD_user within plesk itself, so we set them manually outside of plesk. As a result, any subsequent changes in plesk, which cause it to reapply permissions, it removes that permission for the IWPD user we set manually.
- IWPD permissions may be required for ASP.net applications which need to create or modify files (uploading skins, modules, and/or other files) and for the URL Rewrite ISAPI Filters. If Plesk removes these permissions, ASP.net applications will still function for operations that require READ access to the site files, but if any create/modify/delete operations occur, the ASP.net application will experience an ACCESS DENIED error.
- What types of changes in plesk trigger it to reapply permissions, thus removing the manually added IWPD user permissions? The most common item is any change within the SETUP options for the domain... i.e., FTP password change, changing version of ASP.net or PHP, enabling/disabling custom error documents, etc). There may be other options within the control panel which also trigger the permissions reset.
- To date, this has not been resolved in any version of Plesk.
- This issue has the largest impact because it affects DNN sites, which require the additional MODIFY permissions for the IWPD user when adding files, adding a module, skin, or other extensions.
RESOLUTION:
As of 04/01/2011, DNN4Less Support Staff has identified a method for preventing Plesk from removing the IWPD user permissions, but this modification has to be applied manually on your domain. If you've been affected by this problem, please contact our support team.
From now on, any time DNN4Less Support Staff adds MODIFY permissions to a domain at a customer's request (for an DNN installation or other), we will also put this modification in place to ensure the permissions for the IWPD user are not removed in the future by plesk.
Senior Engineer Jessie
Comments