Setting File Access Rights Different From Parent Container's

The following rule sets access rights to files in the error_docs folder on a domain for the Windows user account named domainuser1.

Security rule entry
<Entry AccounType="1" Account="domainuser1" SidStr="S-1-5-21-821798554-1223697094-3523996037-1043" Path="[HTTPD_VHOSTS_D]" SubPath="\error_docs\*.*" AceFlags="FilesOnly" AccessMask="ReadWrite" EntryFlags="0x80" Tag="DomainUser" Tag2="" />

Note: When entry flag 0x80 is included in a security rule entry, the path to the objects defined by the SubPath attribute must include a file mask. This example uses file mask *.*.


Because the name domainuser1 is not a standard system account name, it has to be resolved in the system (hence, AccounType="1"). The optional SidStr attribute is defined to improve Plesk stability. The HTTPD_VHOSTS_D component path in the Path attribute specifies the common part of the path to the domain root folder where the error_docs folder is located. The SubPath attribute completes the path to the error_docs folder to which the rule will be applied. AceFlags="FilesOnly" specifies that, according to this rule, an ACE with the permission defined by AccessMask="ReadWrite" will be created and added only to the error_docs folder and all files contained within that folder. However, EntryFlags="0x80" further restricts ACE creation to only the files within the folder, excluding the error_docs folder itself from this rule. Tag="DomainUser" designates the security rule as pertaining to a domain hosting account and is used by Plesk to properly organize the processing of security metadata.
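The note about entry flag 0x80 can be checked mechanically before a rule file is put in place. The Python code below is an added example, not part of the Plesk documentation or of Plesk itself. It assumes that EntryFlags is a hexadecimal bit field, that a file mask means a wildcard (* or ?) in the last component of SubPath, and that entries sit under a hypothetical `<Entries>` wrapper element; the second sample entry is constructed.

```python
import xml.etree.ElementTree as ET

FLAG_REQUIRES_MASK = 0x80  # entry flag that, per the note, needs a file mask in SubPath

# Constructed sample. Entry 1 is the rule from this page; entry 2 is a
# hypothetical variant with the file mask dropped. <Entries> is an assumed wrapper.
SAMPLE = r'''<Entries>
  <Entry AccounType="1" Account="domainuser1" SidStr="S-1-5-21-821798554-1223697094-3523996037-1043" Path="[HTTPD_VHOSTS_D]" SubPath="\error_docs\*.*" AceFlags="FilesOnly" AccessMask="ReadWrite" EntryFlags="0x80" Tag="DomainUser" Tag2="" />
  <Entry AccounType="1" Account="domainuser1" Path="[HTTPD_VHOSTS_D]" SubPath="\error_docs" AceFlags="FilesOnly" AccessMask="ReadWrite" EntryFlags="0x80" Tag="DomainUser" Tag2="" />
</Entries>'''


def has_file_mask(sub_path):
    """True if the last component of SubPath contains a wildcard (assumed meaning of 'file mask')."""
    last = sub_path.replace("/", "\\").rsplit("\\", 1)[-1]
    return any(ch in last for ch in "*?")


def parse_flags(value):
    """Parse EntryFlags as hex (assumption based on the 0x80 notation); empty means 0."""
    return int(value, 16) if value else 0


def check_entries(xml_text):
    """Return (entry number, SubPath, problem) for every entry that breaks the 0x80 rule."""
    findings = []
    for n, entry in enumerate(ET.fromstring(xml_text).iter("Entry"), start=1):
        sub_path = entry.get("SubPath", "")
        try:
            flags = parse_flags(entry.get("EntryFlags", ""))
        except ValueError:
            findings.append((n, sub_path, "EntryFlags is not a hex value"))
            continue
        if flags & FLAG_REQUIRES_MASK and not has_file_mask(sub_path):
            findings.append((n, sub_path, "EntryFlags has 0x80 but SubPath has no file mask"))
    return findings


if __name__ == "__main__":
    for n, sub_path, problem in check_entries(SAMPLE):
        print(f"entry {n}: SubPath={sub_path!r}: {problem}")
```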

