ColdFusion needs to be limited, or in certain cased, granted more access, in the case of NAS shares, etc.
Defaults:
https://helpx.adobe.com/coldfusion/kb/running-coldfusion-specific-user.html
Way too open, give the user full control of:
“WebDocument Directory
c:\cfusion or c:\cfusionmx (and all subdirectories)
c:\winnt
c:\winnt\system32”
Okay, web root seems fine, the ColdFusion install directory seems fine. My OS installation folder, is not fine by me.
The first two give me a majority of what is needed, with few asides for other softwares:
Accounting for Fusion Reactor:
http://docs.intergral.com/display/FR455/Installing+FusionReactor+in+Locked+Down+Environments
I did find another person talking about the matter:
http://jochem.vandieten.net/2008/04/06/windows-file-permissions-for-the-coldfusion-account/
But they include ripping out existing permissions.
Spoke to a coworker, the idea to add the ColdFusion user to the IIS_Users group which would inherently add permissions to the web locations. Clean and direct, I like it.
Leave a Reply