Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Remove folder ACL logic

  • Loading branch information...
commit b8dbdb65ebe53ea3aec548912e46d81af7c0c7ca 1 parent 5f88c41
@davidebbo davidebbo authored
Showing with 0 additions and 83 deletions.
  1. +0 −83 Kudu.SiteManagement/SiteManager.cs
View
83 Kudu.SiteManagement/SiteManager.cs
@@ -180,9 +180,6 @@ public void DeleteSite(string applicationName)
string appPoolName = GetAppPool(applicationName);
IIS.ApplicationPool kuduPool = iis.ApplicationPools[appPoolName];
- // Make sure the acls are gone
- RemoveAcls(applicationName, appPoolName);
-
if (kuduPool == null)
{
// If there's no app pool then do nothing
@@ -270,8 +267,6 @@ private IIS.ApplicationPool EnsureAppPool(IIS.ServerManager iis, string appName)
kuduAppPool.AutoStart = true;
kuduAppPool.ProcessModel.LoadUserProfile = true;
kuduAppPool.WaitForState(IIS.ObjectState.Started);
-
- SetupAcls(appName, appPoolName);
}
return kuduAppPool;
@@ -305,84 +300,6 @@ private List<String> GetDefaultBindings(string applicationName, string baseUrl)
return siteBindings;
}
- private void RemoveAcls(string appName, string appPoolName)
- {
- // Setup Acls for this user
- var icacls = new Executable(@"C:\Windows\System32\icacls.exe", Directory.GetCurrentDirectory());
-
- string applicationPath = _pathResolver.GetApplicationPath(appName);
-
- try
- {
- // Give full control to the app folder (we can make it minimal later)
- icacls.Execute(@"""{0}"" /remove ""IIS AppPool\{1}""", applicationPath, appPoolName);
@davidfowl Collaborator

I think this is required. The kudu process needs access to the app folder. I ran kudu today on an azure vm and got a permissions error trying to access the deployments folder.

@davidebbo Owner

What do you think is different between your Azure VM and our dev machines? I didn't see that problem.

@davidebbo Owner

Given that Kudu and the site are in the same AppPool, I would think that if the site has access, Kudu should have it too, no?

@davidfowl Collaborator

Lemme take another look at this again. Maybe neither have access. It all depends on where the app ends up I guess

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
- }
- catch (Exception ex)
- {
- Debug.WriteLine(ex.Message);
- }
-
- try
- {
- icacls.Execute(@"""{0}"" /remove ""IIS AppPool\{1}""", _pathResolver.ServiceSitePath, appPoolName);
- }
- catch (Exception ex)
- {
- Debug.WriteLine(ex.Message);
- }
-
- try
- {
- // Give full control to the temp folder
- string windowsTemp = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Windows), "Temp");
- icacls.Execute(@"""{0}"" /remove ""IIS AppPool\{1}""", windowsTemp, appPoolName);
- }
- catch (Exception ex)
- {
- Debug.WriteLine(ex.Message);
- }
- }
-
- private void SetupAcls(string appName, string appPoolName)
- {
- // Setup Acls for this user
- var icacls = new Executable(@"C:\Windows\System32\icacls.exe", Directory.GetCurrentDirectory());
-
- // Make sure the application path exists
- string applicationPath = _pathResolver.GetApplicationPath(appName);
- Directory.CreateDirectory(applicationPath);
-
- try
- {
- // Give full control to the app folder (we can make it minimal later)
- icacls.Execute(@"""{0}"" /grant:r ""IIS AppPool\{1}:(OI)(CI)(F)"" /C /Q /T", applicationPath, appPoolName);
- }
- catch (Exception ex)
- {
- Debug.WriteLine(ex.Message);
- }
-
- try
- {
- icacls.Execute(@"""{0}"" /grant:r ""IIS AppPool\{1}:(OI)(CI)(RX)"" /C /Q /T", _pathResolver.ServiceSitePath, appPoolName);
- }
- catch (Exception ex)
- {
- Debug.WriteLine(ex.Message);
- }
-
- try
- {
- // Give full control to the temp folder
- string windowsTemp = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Windows), "Temp");
- icacls.Execute(@"""{0}"" /grant:r ""IIS AppPool\{1}:(OI)(CI)(F)"" /C /Q /T", windowsTemp, appPoolName);
- }
- catch (Exception ex)
- {
- Debug.WriteLine(ex.Message);
- }
- }
-
private int GetRandomPort(IIS.ServerManager iis)
{
int randomPort = portNumberGenRnd.Next(1025, 65535);
@davidfowl

I think this is required. The kudu process needs access to the app folder. I ran kudu today on an azure vm and got a permissions error trying to access the deployments folder.

@davidebbo

What do you think is different between your Azure VM and our dev machines? I didn't see that problem.

@davidebbo

Given that Kudu and the site are in the same AppPool, I would think that if the site has access, Kudu should have it too, no?

@davidfowl

Lemme take another look at this again. Maybe neither have access. It all depends on where the app ends up I guess

Please sign in to comment.
Something went wrong with that request. Please try again.