Secure setup of PHP5 on XP using IIS5.1 and MySQL


 



Hello all,

I'm trying to ascertain the best way to securely configure PHP5 (the
no-installer version) on Windows XP (with SP2) for use with IIS and
MySQL.

Does anyone have a list of the least NTFS privileges needed for the PHP
install when used with IIS?

At present I have created two additional partitions, one for the
programs, the other for data.


PHP Setup
-----------------
On the 'programs' partition, which I will call P: for now, I remove the
default NTFS permissions and replace them with Administrators:Full and
SYSTEM:Full.  I allow propagation of these permissions to child files
and folders.

I then copy the no-installer version to P: to create P:\PHP

As recommended I have added the P:\PHP path to the Path system variable.

In addition to the inherited permissions I explicitly allow the IIS
security context read permissions to P:\PHP and its children.  In the
default case this would be %machinename%\IUSR_%machinename%.  I confess
I was hoping to save myself some time by asking if any of you has a list
of the required permissions needed on the PHP folder.  Is it safe enough
to allow IIS read-access to all of the PHP contents?  (I'm wondering
about the php.ini file in particular)

On the 'data' partition, which I will call D: for now, I remove the
default NTFS permissions and replace them with Administrators:Full and
SYSTEM:Full.  I allow propagation of these permissions to child files
and folders.

I then create a root folder to be the root of my website D:\WEBROOT. In
addition to the inherited permissions I explicitly allow the IIS
security context read permissions to D:\WEBROOT and its children.  In
the default case this would be %machinename%\IUSR_%machinename%.

My conjecture: as the PHP ISAPI extension is running under the IIS
security context it means that the PHP engine has read access to these
files.  If this is wrong *please* let me know!!


MySQL Setup
---------------------
I copy the no-installer version of MySQL to P: to create P:\MySQL

I create a new local user account to run the MySQL Service.  I remove
the default group membership and allow the account to run as a service.
If anyone has any best-practice information regarding the creation and
use of service accounts I'd be grateful if you could send me a link or
the info.

In addition to the inherited permissions I explicitly allow the MySQL
Service account read permissions to P:\MySQL and its children.

I then create a MySQL data folder D:\MySQL. In addition to the inherited
permissions I explicitly allow the MySQL Service account modify
permissions to D:\MySQL and its children.

I create a my.ini file for MySQL and place it in the %WinDir% folder
allowing the MySQL Service account read access.

------------------------------------------------------------
[mysqld]
# set basedir to your installation path
basedir=P:\\mysql
# set datadir to the location of your data directory
datadir=D:\\mysql\\data
------------------------------------------------------------

I copy the P:\MySQL\Data folder to D:\MySQL to create D:\MySQL\Data.
The folder inherits the permissions of the parent.

I then run the MySQL Server with switches to install it as a service.
As soon as the service is installed I change the security context of the
service to use the MySQL Service account created earlier.  I then start
the service.

I immediately use the command line client to change the root password
and remove anonymous access, flushing the privileges afterwards.

My conjecture: the above ensures that if the MySQL service account is
compromised it only has access to the MySQL folders on P: and D:

I also assume that the MySQL files do not need to be readable by the IIS
security context.  Once again, if this is wrong *please* let me know!!



Can anyone confirm how the PHP engine talks to the MySQL instance
through IIS?  Does this make the PHPISAPI.dll a MySQL client talking to
the MySQL interfaces, either through pipes (I'm not 100% convinced I
know how these work; any guidance would be appreciated) or through a
loop-back using the TCP 3306 port?  In either case I assume that any
host-based firewall would not need to allow traffic from outside the
localhost.

Many thanks to those of you that took the time to read through all of
this.  I will greatly appreciate feedback as to how successful this
would be in securing an install of PHP and MySQL on IIS 5.1.  If you
have any comments or suggestions as to how to make this more secure or
to simply correct an erroneous assumption on my part, give me a reply.


lamaslany 
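
The ACL plan laid out in the post above can be checked mechanically. The following is an added example, not part of the original post: it parses cacls-style output and reports entries that go beyond the plan. The sample output is constructed, and the machine name WEBBOX and the service account mysqlsvc are assumed names.

```python
# Added example; WEBBOX, IUSR_WEBBOX, mysqlsvc are assumed names, SAMPLE is constructed.
RANK = {"N": 0, "R": 1, "W": 2, "C": 2, "F": 3}  # W and C both allow writes
ADMINS = {"BUILTIN\\Administrators": "F", "NT AUTHORITY\\SYSTEM": "F"}
IIS, SVC = "WEBBOX\\IUSR_WEBBOX", "WEBBOX\\mysqlsvc"
PLAN = {  # path -> {account: highest right the plan grants}
    "P:\\PHP": {**ADMINS, IIS: "R"},
    "D:\\WEBROOT": {**ADMINS, IIS: "R"},
    "P:\\MySQL": {**ADMINS, SVC: "R"},
    "D:\\MySQL": {**ADMINS, SVC: "C"},  # "modify" is listed as C (change)
}

SAMPLE = r"""
P:\PHP BUILTIN\Administrators:(OI)(CI)F
       NT AUTHORITY\SYSTEM:(OI)(CI)F
       WEBBOX\IUSR_WEBBOX:(OI)(CI)R
D:\WEBROOT BUILTIN\Administrators:(OI)(CI)F
           NT AUTHORITY\SYSTEM:(OI)(CI)F
           WEBBOX\IUSR_WEBBOX:(OI)(CI)C
P:\MySQL BUILTIN\Administrators:(OI)(CI)F
         NT AUTHORITY\SYSTEM:(OI)(CI)F
         WEBBOX\mysqlsvc:(OI)(CI)R
         WEBBOX\IUSR_WEBBOX:(OI)(CI)R
D:\MySQL BUILTIN\Administrators:(OI)(CI)F
         NT AUTHORITY\SYSTEM:(OI)(CI)F
         WEBBOX\mysqlsvc:(OI)(CI)C
"""

def parse_cacls(text):
    """Yield (path, account, right) per simple ACE; paths must not contain spaces."""
    path = None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():  # a new object starts in column 0
            path, _, line = line.partition(" ")
        account, _, perm = line.strip().rpartition(":")
        yield path, account, perm[-1]  # perm looks like "(OI)(CI)F"

def audit(text, plan=PLAN):
    """Return ACEs that name an unplanned account or exceed the planned right."""
    findings = []
    for path, account, right in parse_cacls(text):
        allowed = plan.get(path, {}).get(account)
        if allowed is None:
            findings.append((path, account, right, "unexpected principal"))
        elif RANK.get(right, 3) > RANK[allowed]:  # unknown right counts as full
            findings.append((path, account, right, "exceeds " + allowed))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the constructed sample this reports the IIS account holding change rights on D:\WEBROOT and the IIS account appearing on P:\MySQL, the two places where the sample departs from the plan.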
