X-Cart:How to configure access file permissions on Windows Server?
When you are installing or updating the software under Windows, the IUSR_<computername> user must be given appropriate permissions on the file system to be able to modify files in the x-cart directory and its subdirectories or to run perl and upgrades etc.
There are several ways to configure permissions:
1. Turn off simple file sharing (in the Explorer menus, under "Folder Options" -> Tab: View), then set the permissions using the normal Security tab in Windows.
2. Use a built-in 'cacls' command to allow anonymous user necessary access. This way "simple file sharing" may remain active but still user can be granted necessary privileges. This commandline allows you to change permissions on x-cart directory and all its subdirectories::
cacls c:\inetpub\wwwroot\xcart /E /G <computer>\\IUSR_<computer>:C
The <computer> string should be replaced with the name of your computer.
It is the C at the end after the colon that means setting 'Change' permission.
Here is more information on permissions on Windows
The permissions on Windows systems are all selectable with two boxes which are:
- Allow - Grant the permission.
- Deny - Any denied permission for a group or user will override any allow permission, even if the user is in a group that is granted that permission.
If neither box is checked, the permission is not granted for the user or group, but if the user is in another group that has the permission, it will not be denied. Normally, if a user is a member of several groups that have different levels of permissions to an object, the least restrictive permissions apply unless the user, or one of their groups have the no access box checked for that permission.
Standard File and Folder Permissions
- Read(R) - View attributes, contents, and permissions. Can synchronize.
- Write(W) - Can change attributes, and file contents. Can create files or folders. Can synchronize.
- Read(R) and Execute(E) - Can change sub folders, perform read operations, and execute a file.
- List Folder Contents - Can perform read and execute permissions on folders. Can view folder contents, attributes, permissions. Can synchronize and change to subfolders.
- Modify - Perform Read, Execute, and Write permissions along with ability to delete.
- Full Control - Can perform Modify functions (above), take ownership, and modify permissions.
Permissions assigned to directories are inherited (default) by all files and subdirectories that are contained in the directory. The inheritance option, selected by default, may be deselected. Each file or directory has an Access Control List (ACL). To set permissions for additional users or groups, they are added to the ACL of the file or directory. Windows Explorer or the Cacls command line utility can be used to set permissions.
Special File and Folder Permissions
On the file or folder properties dialog, click the "Security" tab and the "Advanced" button to assign special file or folder permissions.
- Traverse Folder/Execute File - .
- List Folder/Read Data - .
- Read Attributes - The user can read the attributes (archive, compress, hidden, etc.) of the file, but not read the contents of the file.
- Read Extended Attributes - .
- Create Files/Write Data - .
- Create Folders/Append Data - .
- Write Attributes - .
- Write Extended Attributes - .
- Delete Subfolders and Files - .
- Delete - The user can delete the file.
- Read Permissions - The user can read the file.
- Change Permissions - Lets the user change permissions for the file, but not view or change the contents of the file.
- Take Ownership - The user can take ownership of the file, but can't give it back.
These permissions can be applied to directories, files, and subdirectories with one of the following selections:
- This folder, subfolders and files
- This folder only
- This folder and subfolders
- This folder and files
- Subfolders and files only
- Subfolders only
- Files only