The Site Doctor Blog

Footprints in the snow of a warped mind

< Back to Blog

How To: Automatically set Umbraco folder permissions after AppVeyor deploy

We've been playing more with AppVeyor over the past few weeks to automate the deployment of our sites and one of the things we got caught out with was the Umbraco folder permissions which we do with PowerShell on the server.

It turns out it's really simple to run a powershell script if you're deploying using Environments -simply add a deploy.ps1 file in the root of your website with the various scripts you want to run and that's it…

I've put our one below in case you want to copy/paste, it also creates the SSL validation folder which you may or not want…


# Useful for debugging variables
# Get-ChildItem Env:

$GrantAccessTo="IIS APPPOOL\$Apppool_Name";
$SSLValidationPath = ".well-known/pki-validation"

# Add a fallback to a known user
If($GrantAccessTo -eq 'IIS APPPOOL\'){

# Only set umbraco permisisons if it's an Umbraco site
If((test-path "Umbraco") -And (test-path "Umbraco_client")){
    Write-Host "Site looks like an Umbraco instance -setting permissions" -ForegroundColor Green

    Get-ChildItem -path $Websitefolder | Where { $ -eq "App_Code"-or $ -eq "App_Data"-or $ -eq "Bin"-or $ -eq "Config"-or $ -eq "Css"-or $ -eq "MacroScripts"-or $ -eq "Masterpages"-or $ -eq "Media"-or $ -eq "Scripts"-or $ -eq "Umbraco"-or $ -eq "Umbraco_client"-or $ -eq "UserControls"-or $ -eq "Views"-or $ -eq "Xslt"-or $ -eq "web.config"} | ForEach {
        $Path = $_.Fullname
        $Permission = "Modify"
        $GetACL = Get-Acl $Path
        if ($_.PSIsContainer){
            Write-Host "Is folder, setting InheritanceFlags: '$Path'" -ForegroundColor Cyan
            $Allinherit = []"ContainerInherit, ObjectInherit"
            $Allpropagation = []"None"
            $AccessRule = New-Object$GrantAccessTo, $Permission, $AllInherit, $Allpropagation, "Allow")
            $AccessRule = New-Object$GrantAccessTo, $Permission, "Allow")
        if ($GetACL.Access | Where { $_.IdentityReference -eq $GrantAccessTo}) {
            Write-Host "Modifying Permissions For: '$GrantAccessTo' On: '$Path'" -ForegroundColor Yellow
            $AccessModification = New-Object
            $AccessModification.value__ = 2
            $Modification = $False
            $GetACL.ModifyAccessRule($AccessModification, $AccessRule, [ref]$Modification) | Out-Null
        } else {
            Write-Host "Adding Permission: '$Permission' For: '$GrantAccessTo' On: '$Path'"
        Set-Acl -aclobject $GetACL -Path $Path
        Write-Host "Permission: '$Permission' Set For: '$GrantAccessTo'" -ForegroundColor Green
    Write-Host "Site doesn't look like an Umbraco instance -skipping setting permissions" -ForegroundColor Yellow   

# Create the SSL validation folders if not already created (awkward because of the "." at the start of well-known)
If(!(test-path $SSLValidationPath))
    New-Item -ItemType Directory -Force -Path $SSLValidationPath
    Write-Host "SSL Folder already exists: '$SSLValidationPath'" -ForegroundColor Yellow
Author: Tim on

Liked this post? Got a suggestion? Leave a comment