Should the Network Service account receive temp file permissions by default?

Time: 2022-12-12 16:48:56

Recently I was working with generating a PDF from Crystal Reports through a webform. It was failing, which I determined to be caused by the permissions settings on the c:\windows\temp dir. I gave the Network Service account full access to this folder, which promptly fixed the issue. But is there a reason the Network Service account didn't have these permissions by default?

Rick Strahl asks this question here. It sounds like there shouldn't be any issues with doing this, but Rick wasn't clear on why the default is set that way.

Web Server is Windows Server 2003

3 answers

#1


1  

These days, the default option will tend to be the more secure one. I don't think there's any other reason.

I've had the same issue as you, and in my environment just gave the permission and moved on.

This post suggests it is the fault of Crystal Reports, which is explicitly referencing %WINDIR%\Temp instead of using an API such as Path.GetTempPath(). In fact I have seen Path.GetTempPath() return %WINDIR%\Temp when running under the Network Service account on Windows 2003.

#2


1  

This post on creating temp files has comments that support using the windows temp folder.

An MSDN article on using the Network Service account states that "if your ASP.NET application needs to use files or folders in other locations, you must specifically enable access". This tells me that the default restriction to the temp folder isn't because the temp folder was singled out, but that all other locations besides the IIS root folder are restricted by default.

#3


0  

%windows%\temp is not for general temp'ing and barfing around. It is crystal clear that Crystal Reports is abusing that directory. This happens a lot when developers are too lazy to boot up their machines with anything but an admin account.

Every user (including Network Service) has their own temp space, with full access rights, under Documents & Settings. Winners don't act like CR, and use their own temp spaces.

In short, there is nothing wrong with default permissions on win\temp. I believe it is simply meant for Windows' internal workings. (Then again, it would be much better for everyone concerned, if that directory never existed in the first place.)
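
To check on a given server what the answers above describe, this added example (not part of the original thread) reports the rights that ACEs grant directly to NETWORK SERVICE on the directory `Path.GetTempPath()` resolves to and on `%WINDIR%\Temp`. The class and method names are hypothetical, and rights inherited through group membership or removed by Deny entries are not evaluated.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class TempAclAudit  // hypothetical name, not from the thread
{
    // Sums the Allow rights that explicit or inherited ACEs grant directly to `sid` on `dir`.
    // Assumption: group-derived access (Users, Authenticated Users) and Deny ACEs are ignored.
    static FileSystemRights DirectAllowRights(string dir, SecurityIdentifier sid)
    {
        DirectorySecurity acl = new DirectoryInfo(dir).GetAccessControl(AccessControlSections.Access);
        FileSystemRights granted = 0;
        foreach (FileSystemAccessRule rule in acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (rule.AccessControlType == AccessControlType.Allow && rule.IdentityReference.Equals(sid))
                granted |= rule.FileSystemRights;
        }
        return granted;
    }

    static void Main()
    {
        SecurityIdentifier networkService =
            new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null);
        string windir = Environment.GetEnvironmentVariable("WINDIR");
        string[] candidates = {
            Path.GetTempPath(),            // what TEMP/TMP resolves to for the current identity
            Path.Combine(windir, "Temp")   // the hard-coded location discussed in the answers
        };

        Console.WriteLine("Running as: " + WindowsIdentity.GetCurrent().Name);
        foreach (string dir in candidates)
        {
            try
            {
                FileSystemRights r = DirectAllowRights(dir, networkService);
                Console.WriteLine("{0}\n  NETWORK SERVICE direct allow rights: {1}", dir, r);
                if ((r & FileSystemRights.FullControl) == FileSystemRights.FullControl)
                    Console.WriteLine("  -> Full Control is granted, which is broader than Modify.");
            }
            catch (UnauthorizedAccessException)
            {
                Console.WriteLine("{0}\n  cannot read the ACL as the current identity", dir);
            }
        }
    }
}
```

Run it under the application pool identity to see which directory `Path.GetTempPath()` actually returns for that account.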
