Windows Permissions for Dummies
Posted: 30 August 2004 01:06 PM
Grad Student

Okay… I’m trying to install Expression Engine on my department’s server; we’re currently running pMachine just fine, but there’s some added power to Expression Engine that I’d like to use for some new features. 

Now, we all know that there comes a step when one must CHMOD three files and three directories.  Normally, I’d just use my FTP program, except I cannot use FTP to CHMOD the files to the appropriate settings because Windows doesn’t permit that.  Bad Windows!

Okay.  I understand that, and I’ve got administrative access, but I’m somewhat clueless as to the *specific* steps one must take to change permissions.  The OIT staff on campus either don’t know or are unwilling to help, and Google has provided some less than useful hits.

So… I’m running Windows 2000 with IIS.  How the *bleep* do I change the file permissions to 666 and 777?!?

Posted: 30 August 2004 08:56 PM   [ # 1 ]
Moderator

I have no idea if IIS will introduce anything on its own to this as I try and shy away from IIS (ok, I avoid both Windows and IIS) but I believe (as I don’t have VirtualPC handy right now to look) if you right click on the folder/file and select Properties, there should be something in the tabs to allow read/write/execute permissions to be set.  Maybe a Windows user can lend a hand.

Posted: 31 August 2004 03:30 AM   [ # 2 ]
Moderator

Here’s some information:

http://www.xav.com/scripts/installer/3008.html

Here is a description of all permissions solutions and how to test them:

global read-write

If your web hosting provider makes the entire file system be read-write for web processes, then you will have no permissions problems. This can be done by giving the IUSR_Machine account Read/Write privileges to the web root folder. This is a reasonable solution if you have a dedicated web server that nobody else logs in to or uses for hosting.

Note that if you experience a permissions problem, then that means your web host is not configured for global read-write. You may want to contact your web host and request that they configure their server in this way.

setuid

Your web hosting provider can make all files and folders in your root web folder be writable by your own web processes. This is one of the most secure and easy-to-maintain configurations. It is identical to setuid/suexec/CGIWrap on Unix hosts.

In this model, your web host will modify the IIS server settings so that your web site is accessed using your Windows login account, instead of the default IUSR_Machine account. By doing this, all scripts that run in your site (CGI, ASP, etc.) will run under your user account and will be able to update any files or folders. You will still be protected against hacking from the other web sites on the same server, since their processes will run under a different account context (either IUSR_Machine or their own personal accounts).

Note that if you experience a permissions problem, then that means your web host is not configured for setuid. You may want to contact your web host and request that they configure their server in this way.

custom control panel

Your web hosting provider may have a web-based control panel that lets you set file permissions. These control panels are proprietary (each host must develop its own) and so you’ll need to contact your host to see if they have one, and to see how it works.

Web hosting company xo.com uses a custom control panel. See Installing CGI at xo.com for more information on using it.

admin setuid request

If your web server is running a pure Microsoft solution (with Microsoft Windows operating system, Microsoft IIS web server, and Microsoft FTP service), and if the web server allows for HTTP Basic authentication, then you should be able to force your own user context on a case-by-case basis. This is done by installing a CGI or ASP script which challenges you for username and password, and then uses those credentials to change its own process context from IUSR_Machine over to your user account. Once it is executing within your account context, it can take administration actions such as changing file permissions with the command-line cacls program.

FDSC makes available the free perms.asp script for doing this. If you use the auto-installer, it will perform a similar action using nph-installer. The perms.asp script is slightly more powerful because it can execute if HTTP Basic authentication is disabled, but another one such as NTLM is enabled. The auto-installer’s nph-installer script requires HTTP Basic.

preset data area

Some web hosts provide a default folder that is writable. For example, when you log in to your account over FTP, you will see folders labeled “data”, “db”, “logs”, and “web”. All of your web files will go into the read-only /web/ folder, and any script data files will need to be stored within the read-write /data/ or /db/ folders.

In these cases, you should install the script and then follow the instructions provided with each script regarding changing the location of the data folder. This will involve moving the script data folder into your private data area, and then updating the script files to reference the new location.

using Front Page folders

If the Front Page server extensions are installed on your site, then you will probably have a folder named /_private/ at the top level of your site, and that folder will probably be script-writable. You can store your data files within that folder, using the same approach described in preset data area.

manual setting permissions

Visit the actual server computer (i.e., be sitting in front of it, logged in). Alternately, you can contact somebody who has local access and ask them to take these steps for you.

Select the file or folder to be made writable. Right-click, choose Properties, then Security. Customize all permissions.

An equivalent method is to open a command prompt, navigate to the file or folder, and use the “cacls” command-line tool to manipulate permissions. Both “cacls” and the Security tab are equivalent interfaces to the same underlying functionality.

You can also wrap a set of “cacls” commands in a batch file and run the batch file. This is useful if you are giving instructions for someone else to carry out. Just create a pre-programmed bat file and ask them to run it. All of our programs come with a pre-programmed “setperms.bat” file.

mapped drive

Ask your web host if you can create a mapped drive from your local Windows computer to their Windows server. You will need to connect from a client Windows computer running NT, 2000 or XP.

Once you’ve connected over the mapped drive, you can use the Security Properties or cacls command as in the above example.

Mapped drives also make it much easier to transfer files between client and server. You can use this instead of FTP.

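A batch file of the kind the "manual setting permissions" part of the post above describes, added here as an example (it is not the setperms.bat shipped with those scripts and not part of the original thread). Instead of global read-write on the web root, it grants the anonymous IIS account Change rights only on the items that would be chmod 666/777 on Unix; the web root path, the account name and the file and directory names are placeholders to replace with your own.

```bat
@echo off
rem setperms.bat - added example, not from the original thread.
rem Run at a command prompt on the server (or over a mapped drive)
rem as an administrator. The volume must be NTFS; FAT has no ACLs.
setlocal

rem --- Assumptions: edit these for your server ---------------------
rem Web root of the install (assumed path).
set WEBROOT=C:\Inetpub\wwwroot\mysite
rem Anonymous IIS account: IUSR_ followed by the machine name.
set IISUSER=IUSR_MACHINE

rem Files the installer wants "666" (placeholder names).
set FILES=file1.php file2.php file3.php
rem Directories the installer wants "777" (placeholder names).
set DIRS=dir1 dir2 dir3

rem --- Files: read/write for the web process only ------------------
rem /E edits the existing ACL instead of replacing it.
rem /G user:C grants Change (read, write, delete).
for %%F in (%FILES%) do (
    if exist "%WEBROOT%\%%F" (
        cacls "%WEBROOT%\%%F" /E /G %IISUSER%:C
    ) else (
        echo MISSING: %WEBROOT%\%%F
    )
)

rem --- Directories: same grant, applied to existing contents -------
rem /T also processes the files and subdirectories underneath.
for %%D in (%DIRS%) do (
    if exist "%WEBROOT%\%%D" (
        cacls "%WEBROOT%\%%D" /T /E /G %IISUSER%:C
    ) else (
        echo MISSING: %WEBROOT%\%%D
    )
)

rem --- Verify: cacls with only a path prints the resulting ACL -----
for %%P in (%FILES% %DIRS%) do (
    if exist "%WEBROOT%\%%P" cacls "%WEBROOT%\%%P"
)

endlocal
```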
 
 
Posted: 31 August 2004 06:40 AM   [ # 3 ]
Grad Student

*sigh*

My IT department is useless for assistance.  I’ve tried the properties route with little luck, and I don’t know enough about setuid.  I’m not sure if the global read-write would be secure.  I’m the only administrator and FTP user, but others would have access to Expression Engine accounts, plus there’d be members and commenters.

I’m going to delete everything and try again.
