'Container File Permissions in Windows Container
I've got a Windows Docker container (microsoft/aspnet) that is hosting a simple Web API. The web API accepts files from a form, saves them in a temp folder, does some processing, and then returns the result.
This works fine when deployed locally, but when done in my Docker container, I get a file permissions error on my temp folder (App_Data).
Is there a way to grant the IIS user the code is running as access to this file, or to open up the folder to any user for read/write access?
Current Docker file is below:
FROM microsoft/aspnet
COPY ./Deploy/ /inetpub/wwwroot
RUN mkdir /inetpub/wwwroot/App_Data
Error message snippet I get running API from docker image:
"InnerException":{"Message":"An error has occurred.","ExceptionMessage":"Access to the path 'C:\\inetpub\\wwwroot\\App_Data\\BodyPart_481b6424-f9a5-4608-894d-406145a48445' is denied.","ExceptionType":"System.UnauthorizedAccessException"
It looks like there is a bug open on the aspnet-docker github about this same issue. [link]
In the meantime, it looks like running cacls App_Data /G IIS_IUSRS:F after starting the container fixes the issue temporarily.
Solution 1:[1]
I can't comment as I don't have enough reputation, but if the answer by @Darendal doesn't work (which it did not for me), then try this syntax
RUN icacls C:\inetpub\wwwroot\App_Data /grant "BUILTIN\IIS_IUSRS:(OI)(CI)F" /t
Solution 2:[2]
My dockerfile did not accepted any of the other answers. Below is one more alernative.
FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8
SHELL ["powershell"]
RUN & ICACLS "'C:\inetpub\wwwroot\App_Data' /grant 'IIS APPPOOL\DefaultAppPool:(OI)(CI)F' /T"
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | |
| Solution 2 | mybrave |