|
Home > Archive > 70-087 IIS4.0 > December 2000 > permissions question
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
permissions question
|
|
|
| This answer totallly confuses me and I'm wondering if anyone can help to clarify? I really don't understand why, if the content directories have been configured to inherit the permissions assigned to their respective parent directories, that is seems to have no relevance in this scenario. Can anyone help?
Question:
Your company's Website had 2 content directories, /Products and /Specs, that are located under the physical path D:\Wwwroot\ on an IIS computer on the intranet. Mike, a field engineer has been assigned the NTFS permissions of NoAccess for the C:\Wwwroot directory, Full Control for the C:\Wwwroot\Products and Change for C:\Wwwroot\Specs. The /Products content directory has been assigned Read and Script permissions in IIS and /Specs has been assigned Directory Browsing permission only. Files in both content directories have been configured to inherit the permissions assigned to their respective parent directories. Which of the following actions can Jerry perform when using a Web browser on his client computer to connect to the company's Web site over the internet?
a) view files in the /Products directory
b) run scripts in /Product directory
c) browse contents of /Specs directory
d) view files in /Specs directory
Answer: a,b
I know there is some significance to the forward slashes vs. backward slashes. If anyone can enlighten me, I would be so appreciative!
| |
|
| The first thing I noticed is that Mike has been assigned the permissions, and the question asks what action can Jerry perform.
Is this a trick question?
------------------
Webmaster and founder of this site and of
<A HREF="http://www.cert21.com"" TARGET=_blank>Cert21.com</A>
MCSE+I, CNA, A+, N+, I-NET+ | |
|
| No ... just a typo. They are one and the same person. | |
|
| This question seems to point to understanding how IIS & NTFS permissions interact. In this case, He can not access /wwwroot directly, as he has No Access NTFS.
For /Products, Full Control NTFS vs. Read/Script IIS = Read/Script (most restrictive)
For /Specs, Change NTFS vs. Directory Browsing IIS = Directory Browsing
However, can't browse directories that you do not have read access to, so in effect you have no access privileges.
Because IIS permissions are set to be inherited, all subdirectories have these same permissions. Thus, no documents in /Specs can be opened. This does not come into play in this question.
Hope this helps!
oh... about the \ vs. /
Absolute path is:
"c:\yada\subyada\subsubyada"
In working with IIS, there are times when you relate paths relative to the virtual directory, thus:
"/subyada/subsubyada" where the virtual 'parent' directory of "/yada" is inferred.
------------------
Know why the other
answers are wrong
[This message has been edited by cltrin (edited 11-29-2000).] | |
|
| Wouldn't /Products and /Specs be under the parent directory of C:\Wwwroot which has been assigned no access? I think that's where I'm getting confused.
Thanks so much for your help! | |
|
| It is, however, the permission for the sub directories have been modified. The user has been granted NTFS No Access to the Parent directory, but was granted NTFS access to 2 specific sub directories.
Similar to situations where users have 'No Access' to a folder, but change access to a file in the restricted folder. If they specify the path to the file thay can still modify it. They just can not browse to it.
Thus, he can reach the sub directories, but he could not browse the parent directory or access files/folders in the parent directory that have not had NTFS access permissions specificly set.
Or, am I just nuts??? Nahhhhh <:
It's late, good luck. I'll check back in the morning before work and my IIS test.
[This message has been edited by cltrin (edited 11-30-2000).] | |
|
| I really do think you are right, but I am still wondering about that statement in the question that says that content directories have been configured to inherit the permissions assigned to their respective parent directories. Wouldn't that mean that the no access restriction of C:\Wwwroot\ would also apply to C:\Wwwroot\Products and C:\Wwwroot\Specs? Are the /Products and /Specs files different than the "\Product" and "\Specs"? Why the change from backward slash to forward slash? Thanks for all of your help! | |
|
| Inheritance only applies to IIS permissions. You can hand-set any permissions, thus overriding the inheritance.
When you reset permissions on an IIS directory, a list of the subdirectories pops that shows which ones can inherit, then you are asked to choose what ones should before you can complete changing the permissions.
This is something you should try on IIS if you can. Change permisions to directories, then 'browse' the site & see the results. | |
|
| Thank you! I am limited because I do not have IIS on my computer to play with, unfortunately. I would love to be able to try this for myself. Also, can you explain the reason for the backward slashes in the beginning of the question and the forward slashes at the end of the question? I know that forward slashes "point" to a location ... are they used to mean that they are ponted to directly? | |
|
| I'll take this one :-)...
The back slashes "\" are used in the DOS/Win environment, such as 'C:\WWWRoot\specs', which is the physical path.
The forward slashes "/" are Internet standards, which are based on Unix, such as 'http://www.company.com/specs'...the path '/specs' (Unix) refers to the physical location 'c:\wwwroot\specs' (DOS/Win).
Make sense?
-Troy, MCSE, MCP+I | |
|
| If it helps (and I got this from a tech trainer in Champaign, IL - THANKS Jon!)
To distinguish between back and forward slashes refer to back slashes as 'whacks' and forward slashes as 'slash'
So \\servername\share is 'whack, whack, servername, whack, share'
and www.company.com/spec is 'www.company.com, slash, spec'
Hope it helps :-)
-Troy, MCSE, MCP+I | |
|
| Thanks, Troy. So, if you scann way, way up to the original question, are the backslashes used in the beginning of the question just to explain physical location, and the are the forward slashes at the end of the question (/Product and /Spec) used because this is the way they will be found over the internet and on the IIS? | |
|
| I think I can nail this for you. Its a transcender question I've had I wont take full credit, this a very short version of there explanation.
only a+b correct, jerries effective permissions = NTFS + IIS apply most restrictive. Doing this we get products = read+script, specs = directory browsing.
However you cant browse without read permission!!!
a and b is all you got left!
N.B, Parent directory permission do not apply on NTFS in this case since product and specs have there own permissions applied.
Hope this helps.
IIS4 for me tommorow, last one! very nervous!
DD. | |
|
| Sherry,
Exactly, note in the question it says "physical" in realtion to "c:\wwwroot" and "content" in relation to "website"
The physical "\" is on the actual drive the content "/" is nothing more than a pointer from the website to the physical drive.
-Troy, MCSE, MCP+I | |
|
| Thanks, Troy, and also to everyone else who has answered my questions here. I think I've finally got it now!!! | |
|
| I was wondering if it was just a typo, or if there is supposed to be two different drives involved in this question? It says the directories reside on D:\ but the permissions are asigned to C:\. 
Did I miss something?
[This message has been edited by 6 Stringer (edited 12-04-2000).] |
|
|
|
|