I am trying to set up a new CMS site in Azure Web App for Linux. But it seems the folder permissions for "/home" and everything underneath is open for all. Doesn't matter how I try to change the permissions, the folders seem to remain writable.
Looking for guidance on how to make the folders in the /home and specially /home/site/wwwroot folder secure. Do not want to leave them writable by the scripts.
Thanks in advance!
Cheers!
For App Service on Linux and Web app for Containers, persistent storage is rooted in /home.
When you persist storage with the WEBSITES_ENABLE_APP_SERVICE_STORAGE app setting, we mount a location in Azure Storage to the /home mount point. The permissions on this are 777. You cannot change these permissions, even if you attempt to do so from an initialization script or from SSH. Refer to this article.
In order to change permissions, you need to set WEBSITES_ENABLE_APP_SERVICE_STORAGE to false in the application.
Big caveat: You cannot do this in standard (built-in) Linux images, and you have to build your own. If you want to go that route, here are the instructions.
I'm not sure why Microsoft decided that 777 was the right set of permissions, but that's the cloud for you :)
