Lockdown Installer does not use inheritance for file permissions| View in Tracker
Reporter/Name(from Bugbase): Peter Freitag / ()
Failure Type: Usability Issue
Found In Build/Fixed In Build: Public Beta / 311532
Priority/Frequency: Normal / All users will encounter
Locale/System: ALL / Win 2016
Vote Count: 1
Problem Description: When the lockdown installer runs it sets file system permission individually on each file within the web root and ColdFusion directory. Ideally it should just set the file system permissions on the top level directory and then have all the subfolders and files inherit from this parent directory. This becomes a problem for example if you add a new file to the web root after you run the lockdown installer - the file will not have permissions to be served by IIS or executed by ColdFusion, so you will have to set each file permission individually - this will be too cumbersome for users and they will end up setting permissions for Everyone to get things to work (a step backwards). If I were doing this in the windows explorer I would right click on the folder go to the security tab and then Advanced - I would click Disable Inheritance (to create a new root of inheritance for the parent folder, I want everything under it to actually inherit from this) and then check the checkbox that says "Replace all child object permission entries with inheritable permission entires from this object". Steps to Reproduce: Create a website and run Lockdown Installer. Now add a new file to the website after running the lockdown installer, you will get an IIS permission error. Actual Result: File system becomes difficult to work with Expected Result: Use inheritance whenever possible so new files are given the appropriate permissions. Any Workarounds: User can monkey with permissions after lockdown installer runs, but that defeats the purpose of having it do it for you.