我正在创建一个使用 microsoft / aspnet:4.6.2 映像的新Windows docker compose。我正在使用 c:\ inetpub \ wwwroot 的卷,该卷与主机服务器上的 C:\ site \ Default 映射。
正在运行的ASP.Net文件成功检索文件,但在创建/写入文件时检索文件。我收到以下异常:System.IO.IOException: 'Trying to write to forbidden path: C:\inetpub\WWWRoot\agenda.css.'
我尝试了以下操作:
将所有人的完全访问权限设置为主机服务器上的 C:\ site \ Default
使用icacls添加所有权限(请参阅下面的dockerfile)。这是(Get-acl c:\inetpub\wwwroot\).Access的输出:
FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : Everyone
IsInherited : False
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None
FileSystemRights : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : BUILTIN\IIS_IUSRS
IsInherited : False
InheritanceFlags : None
PropagationFlags : None
FileSystemRights : -1610612736
AccessControlType : Allow
IdentityReference : BUILTIN\IIS_IUSRS
IsInherited : False
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : InheritOnly
FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : IIS APPPOOL\DefaultAppPool
IsInherited : False
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None
FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : NT SERVICE\TrustedInstaller
IsInherited : True
InheritanceFlags : None
PropagationFlags : None
FileSystemRights : 268435456
AccessControlType : Allow
IdentityReference : NT SERVICE\TrustedInstaller
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : InheritOnly
FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : NT AUTHORITY\SYSTEM
IsInherited : True
InheritanceFlags : None
PropagationFlags : None
FileSystemRights : 268435456
AccessControlType : Allow
IdentityReference : NT AUTHORITY\SYSTEM
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : InheritOnly
FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : True
InheritanceFlags : None
PropagationFlags : None
FileSystemRights : 268435456
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : InheritOnly
FileSystemRights : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : BUILTIN\Users
IsInherited : True
InheritanceFlags : None
PropagationFlags : None
FileSystemRights : -1610612736
AccessControlType : Allow
IdentityReference : BUILTIN\Users
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : InheritOnly
FileSystemRights : 268435456
AccessControlType : Allow
IdentityReference : CREATOR OWNER
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : InheritOnly
我在主机服务器上使用了ProcMon,尝试写入文件时看不到任何条目
docker-compose:
services:
core:
image: core
build:
context: .
dockerfile: ./core/dockerfile
volumes:
- C:/site/Default/:c:/inetpub/wwwroot:rw
ports:
- "8000:80"
- "4020-4024:4020-4024"
environment:
DatabaseType: SqlServer
ConnectionString: Server=sqldata;User ID=sa;Password=pAssword123;Database=Default;MultipleActiveResultSets=True
depends_on:
- sqldata
sqldata:
...
dockerfile:
FROM microsoft/aspnet:4.6.2
# Also tried the bellow command with /l
RUN icacls --% "C:\inetpub\wwwroot" /grant Everyone:(OI)(CI)F /t
答案 0 :(得分:0)
由于某些原因,IUSR有权在容器文件夹中的任何位置(无论是否已映射)写入C:\inetpub\wwwroot中的内容。 IIS禁止写入此特定路径。
我最终创建了一个使用来自dockerfile的另一个物理路径的应用程序,并且一切现在都按预期工作:
FROM microsoft/aspnet:4.6.2
RUN C:\Windows\system32\inetsrv\appcmd.exe set app \"Default Web Site/\" /physicalPath:C:\SomeOtherMountPoint