Example of Security Rule Entry in Security Metadata File
The following security rule sets access rights to objects that belong to
domain example.com
for the Windows user account named
domainuser1
.
Security rule entry
<Entry AccounType="1" Account="domainuser1" SidStr="S-1-5-21-821798554-1223697094-3523996037-1043" Path="[HTTPD_VHOSTS_D]" SubPath="example.com" AceFlags="FilesOnly" AccessMask="Read" EntryFlags="0x140" Tag="DomainUser" Tag2="" />
Explanation
Because the name domainuser1
is not a standard system account name,
it has to be resolved in the system (hence, AccounType="1"
). The
optional SidStr
attribute is defined to improve Plesk stability. The
HTTPD_VHOSTS_D
component path in the Path
attribute specifies
the common part of the path to the domain root folder where the
example.com
folder is located. The SubPath
attribute sets the
specific domain root folder to which the rule will be applied.
AceFlags="FilesOnly"
specifies that, according to this rule, an ACE
with permission defined by AccessMask="Read"
will be created and
added only to the example.com
folder and all files contained within
that folder. EntryFlags="0x140"
enables (i) creation of the domain
root folder (which is necessary during domain creation) and (ii) strict
enforcement of the access permissions defined by the
AccessMask="Read"
permission mask. Tag="DomainUser"
designates
the security rule as pertaining to a domain hosting account and is used
by Plesk to properly organize the processing of security metadata.