I am running my application on AKS, and have istio on top of kubernetes to add extra control over the services. However for controlling https request at the istio ingress level, I need to specify a key and certificates. To do this, according to istio traffic docs, we required to have the two files in the /etc folder. When I try to create any files outside my home directory, it gives me a permission denied. I tried chmod change and tried to change the user to root. Currently when I check the user id, it gives 95** (so not root). Is there a way to get root access or an alternate way to control https in istio. The Image shows the istio yaml file where I need to add the /etc/istio/files
Related
I saw a recommendation in an article on website security that separate websites running on a web server should be running under separate users for containment, and to limit a breach on one site leading to infection of the other sites.
I am running an Ubuntu 20.04 LAMP server with public internet exposed personal websites. They are set up as virtual hosts in Apache under /var/www/, but all are running using the standard www-data:www-data user and group. How would it work to run them under different user accounts?
Do I simply create a new user & group, then chown the /var/www/directory to be owned by that user? How would that work with allowing Apache permissions to write to the sub-dirs then for patches, uploads, etc?
Apache has it's own user and group (www-data or others according to the distribution it's runnin on). To achieve what you want, you need to create a user for each virtualhost and make sure apache can read/write file/folders owned by this new user for example putting apache group into the new user's group (or the other way around, according to how you want to handle permissions).
The logic "behind" is exactly the same you use to handle linux users and group permissions.
I have an Azure WebSite ... MyApp
This naturally places my application at http://MyApp.AzureWebSites.net
I also have a domain ... http://MyWebSite.com
I understand that I can upgrade my App Service Plan to one which includes Custom domain name support which will allow me to position my app at http://MyWebSite.Com/MyApp
What I would like to do is to position MyApp in a different location.
I'd like to be able to access it via http://MyWebSite.com/SomeOtherFolder/MyApp
For bonus points, I'd like to be able to access it via http://MyWebSite.com/SomeOtherFolder/SomeOtherAppName
So how can I use the Azure portal to specify the endpoint for my application?
If you upload your site on a custom domain the default url is MyWebSite.com
For put other site in a diferent folder into the domain origin (MyWebSite.Com/MyApp), use FileZilla for update the files after create MyApp folder into /site/wwwroot:
https://blogs.msdn.microsoft.com/kaushal/2014/08/01/microsoft-azure-web-site-connect-to-your-site-via-ftp-and-uploaddownload-files/
And if create another folder into MyApp (http://MyWebSite.com/SomeOtherFolder/SomeOtherAppName) looks like (/site/wwwroot/SomeOtherFolder/SomeOtherFolder )
I'm trying to simply run a local website which has sime basic HTML files using IIS.
Through the IIS Manager I have created a new website and have set the physical path to the directory with the HTML files.
However when I input the physical path I get the following warning:
The server is configured to use pass-through authentication with a
built-in account to access the specified physical path. However, IIS
Manager cannot verify whether the built-in account has access. Make
sure that the application pool identity has Read access to the
physical path. If this server is joined to a domain, and the
application pool identity is NetworkService or LocalSystem, verify
that \$ has Read access to the physical path.
Then test these settings again.
Now, when I navigate to the site through localhost I get the following Unauthorized error:
You do not have permission to view this directory or page because of
the access control list (ACL) configuration or encryption settings for
this resource on the Web server.
What's going on here? When I right click my folder I seem to have given access to everyone. I haven't made any specific IIS changes so what could be the issue here?
EDIT:
MAN I cannot believe this. My case is so simple (I just wanna display some HTML files on localhost) which should require ZERO configuration at all. Yet IIS fails to meet the demand.
EDIT: I think everyone should have permission to my folder. Here's a picture of the permissions screen for the folder:
Working with a set of server protocols is different than adding files to a share. In this case, you're going to want to open IIS and navigate to the website you added it as.
There, you'll see a variety of icons, some under the heading of ASP.NET, some under IIS. The first heading you'll see under IIS is Authentication. That's the one you want. If this is strictly internal/for learning, go ahead and enable Anonymous Authentication. It's not safe, but it'll get you in the right place to start googling around.
I am trying to have my local website within dropbox using IIS. When I add the dropbox directory I get the error: The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that \$ has Read access to the physical path.
I am admin and have allowed all access to the dropbox folder. What is wrong?
You should add IIS user account to the list of users who are allowed to view/read the files. IIS usually runs via separate user account for security reasons.
This is done the following way:
Right-click on your site folder in Dropbox
Select "Security"
Click "Add"
Find IUSR user and/or IIS_IUSRS group
Add them both (or one, if only one is present) and assign them read permissions
Try adding your site folder again.
This should fix the issue.
I have a shared folder on a server that contains some files I want to be able to serve through IIS on a separate server.
I created a virtual directory pointing to the the shared folder in IIS, and have it use windows authentication.
The shared folder has "Everyone" set to have read permissions. When I try to open a file through localhost on the iis server, everything loads correctly, however when I substitute localhost with the actual name of my iis server it brings up an error
You do not have permission to view this directory or page due to the access
control list (ACL) that is configured for this resource on the Web server.
I opened up process monitor and saw I was getting Access Denied when the Network Service account (the account my app pool is set to run as) was being denied read permissions to the virtual directory. I implicitly added network service to the security permissions with read and write permissions and I still get the same error.
Any ideas what I could be doing wrong?