Set or change an Azure App Service file or folder permission
I was using FileZilla to try to change the file permissions and I got this error:
Status: Setting permissions of '/site/wwwroot/index.html' to '644' Command: SITE CHMOD 644 index.html Response: 500 'SITE': command not understood Status: Setting permissions of '/site/wwwroot/index.html' to '755' Command: SITE CHMOD 755 index.html Response: 500 'SITE': command not understood
Then I started looking from some information about this and wasn’t able to get a clear understanding or message. I did find numerous articles and the Azure App Services forum:
- Web Sites Folder Permissions
- Can't Upgrade WordPress Plugin from External Site and Changing Folder Permissions
- Changing folder permissions on website
- Folder Permissions on Windows Azure Web Sites
My first reaction was to look into changing the permission using chmod, but that didn’t turn out to be the right direction. As you can see in Figure 1, running CHMOD 777 on the index file did not result in any change, so although the command seemed to execute successfully, nothing changed.
Figure 1, changing file permission on an Azure App Service, chmod
When I ran the attrib command and set the file to read-only, as described here, it apparently worked.
Figure 2, changing file permission on an Azure App Service, attrib
Then I attempted to modify the file and got this error, also show in Figure 3.
ERROR 409 Conflict: Could not write to local resource 'D:\home\site\wwwroot\index.html' due to error 'Access to the path 'D:\home\site\wwwroot\index.html' is denied.'.
Figure 3, changing file permission on an Azure App Service, attrib +r
At those links provided above, David Ebbo stated “Only the site owner is allowed to publish to the site, e.g. using FTP or GIT. At runtime, your app is allowed to write to the file system. If the logic in your app allows users to upload files, and then write those files to the file system, then they will be written. So obviously, if you write such app, you want to be careful what you write on behalf of users. But users themselves don't have any intrinsic rights to write anywhere.” And Jim Cheshire stated “The ACLs on your site's folders are set using an application pool identity, the SID of which is dynamically injected into the process when it starts. This security model is different from the Unix-based environment that your plugin is expecting, and it provides a more secure environment.”
I interpret both statements to mean that you do not need to set file permissions by default. If you have coded something in your application that warrants changing file permissions then that is another matter.
I’d be interested in learning about any web based scenario where file permissions needed to be specifically set. Leave a comment if you have one.