Open utdream opened 4 years ago
Confirmed by the Lucee community. Need to get this fixed.
Was not able to get to this in Lucee 5.3.6.061 pl0 like I had planned. Will implement when I have more time.
Jordan, I had an idea: If by default the webcontextes are set to be created outside the webroots in the web.xml like this:
<init-param>
<param-name>lucee-web-directory</param-name>
<param-value>./webcontexts/{web-context-label}/</param-value>
<description>Lucee Web Directory (for Website-specific configurations, settings, and libraries)</description>
</init-param>
This would get rid of the permission problem, because the directory would get created on the fly within the installer folder. But, I still don't know if this would cause further impact somehow. But my quick tests worked like a charm AND it would enhance security. Have to test is deeper though. This should work on linux installations also, because it's a relative path.
This would close https://github.com/viviotech/lucee-installer/issues/97 https://github.com/viviotech/lucee-installer/issues/97
This was reported by an Engineer at Vivio:
I just did a new installation of Lucee 5.3.4.080-pl0 onto Windows 2016. Lucee is running under the Local Service account. However, the installer didn't grant permissions on the C:\inetpub\wwwroot\Default Web Site or C:\inetpub\wwwroot directory to the Local Service account, which is needed for Lucee to be able to create the usual directories that Tomcat expects: C:\inetpub\wwwroot\Default Web Site\WEB-INF
Thought I'd let you know.