Set or change an Azure App Service file or folder permission


I was using FileZilla to try to change the file permissions and I got this error:

Status:	Setting permissions of '/site/wwwroot/index.html' to '644'
Command:	SITE CHMOD 644 index.html
Response:	500 'SITE': command not understood
Status:	Setting permissions of '/site/wwwroot/index.html' to '755'
Command:	SITE CHMOD 755 index.html
Response:	500 'SITE': command not understood

Then I started looking from some information about this and wasn’t able to get a clear understanding or message.  I did find numerous articles and the Azure App Services forum:

My first reaction was to look into changing the permission using chmod, but that didn’t turn out to be the right direction.  As you can see in Figure 1, running CHMOD 777 on the index file did not result in any change, so although the command seemed to execute successfully, nothing changed.

image

Figure 1, changing file permission on an Azure App Service, chmod

When I ran the attrib command and set the file to read-only, as described here, it apparently worked.

image

Figure 2, changing file permission on an Azure App Service, attrib

Then I attempted to modify the file and got this error, also show in Figure 3.

ERROR

409 Conflict: Could not write to local resource 'D:\home\site\wwwroot\index.html' 
due to error 'Access to the path 'D:\home\site\wwwroot\index.html' is denied.'.

image

Figure 3, changing file permission on an Azure App Service, attrib +r

At those links provided above, David Ebbo stated “Only the site owner is allowed to publish to the site, e.g. using FTP or GIT.  At runtime, your app is allowed to write to the file system. If the logic in your app allows users to upload files, and then write those files to the file system, then they will be written.  So obviously, if you write such app, you want to be careful what you write on behalf of users. But users themselves don’t have any intrinsic rights to write anywhere.”  And Jim Cheshire stated “The ACLs on your site’s folders are set using an application pool identity, the SID of which is dynamically injected into the process when it starts. This security model is different from the Unix-based environment that your plugin is expecting, and it provides a more secure environment.”

I take it to mean the ACL and SID features.  Have a read about Access Control Lists (ACL) here.  Have a read about Security Identifiers (SID) here.

I interpret both statements to mean that you do not need to set file permissions by default.  If you have coded something in your application that warrants changing file permissions then that is another matter.

I’d be interested in learning about any web based scenario where file permissions needed to be specifically set.  Leave a comment if you have one.

Comments (0)

Skip to main content