Adobe 38043740 - ColdFusion Standard - Mac Manual page 10

User / Group
cfusion (Your ColdFusion Service Identity)
Click the Add button and add the iisservice user grant Read and List Folder Contents Permission. Add the
cfusion user and grant Read, List Folder Contents Permission. Grant cfusion Write and Delete permission if
your applications make use of the file system via (cffile, cfdirectory, etc). Also give the Administrators full
control over this folder, and remove any unnecessary privileges.
Check the Replace all existing inheritable auditing entries on all descendants with inheritable auditing entries
from this object checkbox to propagate this setting to all sub folders and files existing or created below this
folder.
Select the Auditing tab in the Advanced Security Settings dialog. Click the Edit button and ensure that some
level of auditing exists. Auditing can generate a large amount of logs, and if too verbose can make the job of
monitoring the server logs difficult. Auditing every successful file read in this directory may not be necessary.
Use your judgement to determine an appropriate auditing policy based on your security requirements. A good
minimal policy would be to audit all Fails, and certain Success events (Delete, Change Permissions, etc).
Permissions
•
List folder / read data
•
Read attributes
•
Read extended attributes
•
Read permissions
(Add additional write/delete permissions
to folders or files that CF must write to)
10