Knowledge Essentials - 3Essentials Hosting

Permissions for IWPD user removed

Article ID: 976

 Back to Search

Symptom:
  • You have an ASP.net based site (commmonly DNN) which requires MODIFY permissions for the IWPD user and suddenly DNN cannot create files for adding a module, skin, etc.
  • You use the ISAPI Filter based URL Rewrite tool which 3Essentials installed in your cgi-bin folder, and added READ permissions for the IWPD user in order to make it function.
  • Some feature stopped working on your site, and the Support team corrected the issue, indicating that "modify permissions for the IWPD user needed to be reapplied".
Information:
  • Background: Plesk uses two different web-users for each website for the configurable website identies within a Windows/IIS hosting platform.  :
    • an IUSR user, for the anonymous user identity, used for accessing/executing your site's HTML, PHP-cgi, and ASP based files.
    • an IWPD user, for the site's application pool identity, used for accessing/executing your site's ASP.net based files.
  • Some website applications will require MODIFY permissions to the website's directory structure in order for the website application to create/modify/delete files within the site's directory structure, for example with a DNN site, to add files for a new skin, module, images, etc.
  • Plesk provides a method within the control panel to enable MODIFY permissions for the IUSR account.  But does NOT provide a method within the control panel to enable MODIFY permissions for the IWPD user. As a result, when required, MODIFY permissions for the IWPD users must be added manually by a server administrator.
  • Around version 8.x of Plesk, Plesk also began tracking permissions settings on domain's directory structure, so that it could reapply them if/as necessary.   Since MODIFY permissions for the IWPD user were added manually, outside of Plesk, Plesk is unaware they exist.  This RESULTS in Plesk REMOVING the necessary MODIFY permissions which were manually added by the system administrator in support of the customer/application's needs, when the customer later makes a change in plesk which causes plesk to reapply permissions (which it does with many plesk functions).
  • 3essentials characterizes this as a design flaw within plesk, since Plesk provides no way to add necessary MODIFY permissions for the IWPD user, and does not recognize those permissions if added manually.  Obviously plesk recognizes the need for MODIFY permissions, as Plesk has the ability to add those permissions for the IUSR.  This particular combination results in the problem only affecting the IWPD account, and therefore, only ASP.net applications.  This is a widely known and recognized issue by Plesk for Windows hosting providers.  3Essentials has also communiicated the bug to Plesk developers, and as of the writing of this article, Parallels, the developer of Plesk, have yet to correct the issue.
  • This issue has the largest impact because it affects DNN sites, which require the additional MODIFY permissions for the IWPD user when adding files, adding a module, skin, or other extensions.

 RESOLUTION:   (NEW!)

As of 03/12/2010, 3Essentials has identified a method for preventing Plesk from removing the IWPD user permissions, but this modification has to be applied manually on your domain.  If you've been affected by this problem, please contact the support team referencing what you're experiencing as well as this KB article number. 

As of this date, any time 3Essentials adds MODIFY permissions to a domain at a customer's request (for an DNN installation or other), we will also put this modification in place to ensure the permissions for the IWPD user are not removed in the future by plesk. 

 
Downloads Associated With This Article
No downloads are currently associated with this article.