To modify access permissions for the files and folders of your Windows 2008 website, log in to HostPilot Control Panel and navigate to Web\FTP Server > Access Permissions.
The interface provides options for setting specific permissions for separate users (on the User Permissions tab) and for groups of users (on the Group Permissions tab). You can change Read and Write permissions for all the site users that were created the same way as for the groups of users they belong to.
To make the process of updating website access permissions more flexible and to increase the overall performance of the operations, we have enabled file permissions propagation for the account root folder. This means that all the permissions that were set for a particular folder on your account will be automatically pulled by all the sub-folders of that folder.
In the Inherited column, you can see the default permissions that were pre-set as a result of propagation from the parent folder.
Using the Explicit column, you can override the inheritance to either allow or deny users Read or Write access for the selected folder. If you leave Inherit selected in the drop-down list, it means that the same propagated permissions will be set for the user.
The Effective column shows the permissions that will be set as a result of propagation and the modifications made in the Explicit column.
When you are sure that the Effective permissions list represents the correct access rights that should be given to your site users, click the Save Changes button to update the folder settings.
It is also possible to set permissions for an entire groups of users. To switch to group permissions edit mode, click the Group Permissions button.
When a new Windows 2008 account is set up, there are three groups of users created automatically:
AllUsers: All the Site\FTP users that are created on the account are automatically added to this group. By default, this group does not have any access permissions configured, so you may need to make sure that the AllUsers group and any new user you add have proper access permissions set for the required folders of the website.
IIS_WPG: Web server Anonymous user and Application Pool users belong to this group.
WebMasters: This is a special group for users that have additional privileges on the account, like connecting to the server with IIS Remote Manager (read the Knowledge Base article on How do I connect to Windows 2008/IIS7 using the Microsoft IIS Remote Manager? for more information). Initially, only the account System user is listed in the group. Read the Knowledge Base article on How to get an additional user to manage a virtual web server via IIS Remote Manager for instructions on how to add a user to the WebMasters group.
- Group access permissions take precedence over end-user permissions. This means that if a folder has Deny Write access set for a specific group, it becomes impossible to Allow Write for the users of that group (you will see a grey "X" in the Inherited column indicating that). However, you should be able to set any needed access permissions for the sub-folders.
- Due to the security restrictions of the shared environment, it is not possible to create any additional groups for the website.