Edventures in Normalcy

Running ColdFusion as A Separate User

Posted by Rose Bush on January 28th, 2016

ColdFusion needs to be limited, or in certain cased, granted more access, in the case of NAS shares, etc.

Defaults:
https://helpx.adobe.com/coldfusion/kb/running-coldfusion-specific-user.html

Way too open, give the user full control of:

“WebDocument Directory
c:\cfusion or c:\cfusionmx (and all subdirectories)
c:\winnt
c:\winnt\system32”

Okay, web root seems fine, the ColdFusion install directory seems fine. My OS installation folder, is not fine by me.

The first two give me a majority of what is needed, with few asides for other softwares:

Accounting for Fusion Reactor:
http://docs.intergral.com/display/FR455/Installing+FusionReactor+in+Locked+Down+Environments

I did find another person talking about the matter:
http://jochem.vandieten.net/2008/04/06/windows-file-permissions-for-the-coldfusion-account/

But they include ripping out existing permissions.

https://books.google.com/books?id=rI0OZhmcuc0C&pg=PT382&lpg=PT382&dq=Running+ColdFusion+as+a+specific+user&source=bl&ots=imQn_gDv_q&sig=QfRQ3DCqXzCNZ-sgcufo7iVtpxc&hl=en&sa=X&ved=0ahUKEwj-kMPvsKfKAhWGdj4KHQ7lAAsQ6AEIPTAE#v=onepage&q=Running%20ColdFusion%20as%20a%20specific%20user&f=false

 

Spoke to a coworker, the idea to add the ColdFusion user to the IIS_Users group which would inherently add permissions to the web locations.  Clean and direct, I like it.

Leave a Reply

Copyright © Edventures in Normalcy. All rights reserved.