
This isn't a question on my specific problem, as I've got that more or less solved, but about IIS/Python and user accounts in general.

I have Python scripts that I'm running with IIS 7.5 (Mercurial using the hgweb.wsgi script). One of the plugins (largefiles) is getting permission trouble reading and writing files.

The script was trying to write files to a temporary directory, by checking the APPDATA and LOCALAPPDATA environment variables, which were returning C:\Windows\System32\config\systemprofile\AppData\Local, and failing due to permissions.

I tried printing the USERNAME environment variable, but no matter what user I set in the IIS application pool's Identity, it always returned `MACHINENAME$`.

So how can I run Python scripts in IIS so that the environment variables point to the correct user's home location? Or is this just a developer error (Hg didn't have the permissions problem, only the largefiles extension)?

In addition, when I originally had the repos in C:/Data, the files written by largefiles to that directory have a lock icon and the permissions were SYSTEM: full control and Administrators: full control, with the owner set to Administrators (the group, not the administrator user). After writing the file, it could no longer be read. Even if I gave Everyone full control of the C:/Data directory, new files would still be locked unless I manually edited the permissions. Again, Hg didn't have this problem, only the files written by largefiles.

carpat
  • What OS is being used? – unhappyCrackers1 Jul 03 '12 at 15:23
  • IIS 7.5, Windows Server 2008 R2 – carpat Jul 03 '12 at 15:27
  • Check the UAC event log (Applications and Services Logs\Microsoft\Windows\UAC\Operational). Do you see events stating "The process failed to handle ERROR_ELEVATION_REQUIRED"? – unhappyCrackers1 Jul 03 '12 at 15:33
  • Nope, 0 events. – carpat Jul 03 '12 at 15:40
  • What is the app pool identity? I think you need to change permissions or the user. See here: http://blogs.iis.net/webdevelopertips/archive/2009/10/02/tip-98-did-you-know-the-default-application-pool-identity-in-iis-7-5-windows-7-changed-from-networkservice-to-apppoolidentity.aspx – unhappyCrackers1 Jul 03 '12 at 15:48
  • I've tried setting the app pool identity to both the built-in accounts and custom accounts; in each case the environment variables return `C:\Windows\System32\config\systemprofile\AppData\Local` for `APPDATA` and `MACHINENAME$` for the `USERNAME`, and in each case the permission errors still showed up. – carpat Jul 03 '12 at 15:51

1 Answer


Try using Process Monitor to get to the bottom of the permissions issues.

You can use the tool to see what user is trying to access the file as what process and other important details that are handy for troubleshooting IIS permissions.

unhappyCrackers1
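
A diagnostic for the situation in this thread, added here as an example (Python 3; not code from the post or from Mercurial): it reads the account from the OS rather than from `USERNAME`, then tests whether the directories named by `APPDATA`, `LOCALAPPDATA` and `TEMP` are actually writable from inside the worker process. The function names and the inclusion of `TEMP` are assumptions made for the example.

```python
import ctypes
import os
import sys
import tempfile


def token_user():
    """Account the process really runs as, read from the OS, not from USERNAME."""
    if sys.platform == "win32":
        size = ctypes.c_ulong(257)  # UNLEN (256) + terminating NUL
        buf = ctypes.create_unicode_buffer(size.value)
        if not ctypes.windll.advapi32.GetUserNameW(buf, ctypes.byref(size)):
            raise ctypes.WinError()
        return buf.value
    import pwd  # POSIX fallback so the script can be tried off Windows
    try:
        return pwd.getpwuid(os.geteuid()).pw_name
    except KeyError:
        return str(os.geteuid())


def can_write(directory):
    """Create and delete a scratch file in directory; return (ok, error_text)."""
    if not directory:
        return False, "not set"
    try:
        with tempfile.NamedTemporaryFile(dir=directory):
            return True, ""
    except OSError as exc:
        return False, str(exc)


def report(environ=os.environ):
    """Set the environment's claims beside what the process can actually do."""
    rows = {"token_user": token_user(),
            "env_user": environ.get("USERNAME") or environ.get("USER") or ""}
    rows["mismatch"] = rows["env_user"].casefold() != rows["token_user"].casefold()
    for var in ("APPDATA", "LOCALAPPDATA", "TEMP"):
        ok, err = can_write(environ.get(var))
        rows[var] = {"path": environ.get(var), "writable": ok, "error": err}
    return rows


def application(environ, start_response):
    """WSGI entry point: run the check inside the IIS worker, return plain text."""
    body = "\n".join(f"{k}: {v}" for k, v in report().items()).encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8"),
                              ("Content-Length", str(len(body)))])
    return [body]
```

Serve it from the same application pool only while troubleshooting, since the response discloses the account name and profile paths.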