ID: 34871 User updated by: giunta dot gaetano at sea-aeroportimilano dot it Reported By: giunta dot gaetano at sea-aeroportimilano dot it -Status: Feedback +Status: Open Bug Type: IIS related -Operating System: Windows 2003 +Operating System: windows 2003 PHP Version: 4.4.0 New Comment:
I tried to change every single bit of IIS and PHP configuration to my best, but of course I cannot be 100% sure... The hint that pointed me to file a bug was the aforementioned MS technet article, that explicitly states that IIS apps must call the RevertToSelf function, and I could find no trace of that call in the ISAPI source dir. PS: as a side note: 'impersonation' as mentioned in the php docs looks to be the reverse process of what I am trying to accomplish: one case is for websites that have guest access disabled and the scripts have to run with the privileges of the single user account used to log in into the website, the other is for websites with guest access enabled and the scripts have to run with app. pool account instead of iis guest account. Previous Comments: ------------------------------------------------------------------------ [2005-11-01 22:27:11] [EMAIL PROTECTED] Are you sure you're doing it the right way (tm) ? ------------------------------------------------------------------------ [2005-10-14 15:12:38] giunta dot gaetano at sea-aeroportimilano dot it Quick test: Anonymous access for IIS set to IUSR_XXX; App Pool user set to IWAM_XXX; set a .txt file permissions to 'read access only for IWAM_XXX' and called readfile() on it. ------------------------------------------------------------------------ [2005-10-14 15:04:03] [EMAIL PROTECTED] How did you determine that it isn't impersonating? ------------------------------------------------------------------------ [2005-10-14 14:56:53] giunta dot gaetano at sea-aeroportimilano dot it Description: ------------ I had a very hard time trying to figure out which user will be used to actually run the php processes on IIS 6+php isapi. The server is configured in non-IIS5-compliant security mode, and php runs fine, but it keeps using the windows user account configured for anonymous website access, instead of the user account set for the Application Pool connected to the website in question. All MS docs state that web apps run under the user account/using the privileges of the account defined for the App. Pool (by default NETWORK SERVICE). User comments on the online manual vary wildly: some users seem to have had success in using the app. pool user, some using the anonymous connection user. Docs at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/appisoa.mspx#EGAA indicate that in order for the web app to exibhit this behaviour, it has to call the he Win32API RevertToSelf function, of which I sould finnd no trace in the php source code, except for the FCGI module... Am I missing something? ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=34871&edit=1
