Setting File Access Rights Different From Parent Container’s
The following rule sets access rights to files in the error_docs
folder on domain example.com
for the Windows user account named
domainuser1
.
Security rule entry
<Entry AccounType="1" Account="domainuser1" SidStr="S-1-5-21-821798554-1223697094-3523996037-1043" Path="[HTTPD_VHOSTS_D]" SubPath="example.com\error_docs\*.*" AceFlags="FilesOnly" AccessMask="ReadWrite" EntryFlags="0x80" Tag="DomainUser" Tag2="" />
Note: When entry flag 0x80
is included in a security rule entry, the
path to the objects defined by the SubPath
attribute must include
a file mask. This example uses file mask *.*
.
Explanation
Because the name domainuser1
is not a standard system account name,
it has to be resolved in the system (hence, AccounType="1"
). The
optional SidStr
attribute is defined to improve Plesk stability. The
HTTPD_VHOSTS_D
component path in the Path
attribute specifies
the common part of the path to the domain root folder where the
example.com
folder is located. The SubPath
attribute completes
the path to the error_docs
folder to which the rule will be applied.
AceFlags="FilesOnly"
specifies that, according to this rule, an ACE
with permission defined by AccessMask="ReadWrite"
will be created
and added only to the error_docs
folder and all files contained
within that folder. However, EntryFlags="0x80"
further restricts the
ACE creation only to the files within the folder, excluding the
error_docs
folder from this rule. Tag="DomainUser"
designates
the security rule as pertaining to a domain hosting account and is used
by Plesk to properly organize the processing of security metadata.