"lngDummy" <lngdummy@yahoo.co.uk> wrote in message
news:58bad80d.0410210157.75128d81@posting.google.com...
> I have a problem with permissions. I know problems with permissions
> are the most tedious/difficult problems to try and solve through this
> medium because the postee never provides enough info (and if they did
> they'd probably already have the answer) so I shall try and be as
> verbose as possible and cross my fingers...
>
> I have a web server with several web sites set up (running iis6 on
> w2k3 server se). I'm trying to set up iis6 ftp on w2k3 so that ftp
> users can upload and download web content to their web sites. There
> is a many-to-many relationship between the ftp users and web sites.
> This article,
http://weblogs.asp.net/owscott/archive/2004/06/19/160219.aspx,
> had some good ideas and I have implemented Scotts 'Doorway folder
> trick' and it seems to work quite well, expect that I dont understand
> how the permissions are working. Hence this posting.
>
> In detail I can explain this problem as...
>
> I have two main folders:
> c:\webs (administrators and system have full control)
> c:\ftp (administrators and system have full control and a new group
> (FtpUsers has Read&Execute, List Folder Contents, Read and Write
> permissiosn allowed)
>
> I have three web sites set up with the follow directory paths:
> C:\webs\site1
> C:\webs\site2
> C:\webs\site3
>
> I want to set up ftp access for two users:
> ftp_user1 to site1 and site2
> ftp_user2 to site1 and site3
>
> And to do this, following the backdoor folders trick, I have set up
> folders like this:
>
> C:\ftp\ftproot
> C:\ftp\ftp_user1\site1
> C:\ftp\ftp_user1\site2
> C:\ftp\ftp_user2\site1
> C:\ftp\ftp_user2\site3
>
> and an ftp server (non isolated users) like this:
> the ftp server's root directory points to C:\ftp\ftproot and read
> permissions are specified (not write)
> The root then has two virtual directories: ftp_user1 and ftp_user2
> that point to C:\ftp\ftp_user1 and C:\ftp\ftp_user2 respectively
> (again read only)
> and each of these virtual directories have two sub virtual directories
> set up, following the folder configuration, i.e. under the ftp_user1
> virtual directory there are two virtual directories "site1" and
> "site2" that point to the relevant folders within C:\webs. These sub
> virtual directories have read and write permissions.
>
> finally i set up a new local NT Group, FtpUsers and create two new
> local users ftp_user1 and ftp_user2 that are only members of the
> FtpUsers group
>
> this all works well:
> I can log in with my users - the users are directed to their
> respective roots and they can then enter and edit the sites that I
> have set up, but not add any directories to their roots.
> But my question is, How can these users add folders and files on to
> the C:\webs\ subdirectories when they have no explicitly given
> permissions on those sub folders.
> Either,
> 1. the user inherits permissions from the ftp "gateway" folder, or
> 2. the FTP service actually runs with system account and impersonates
> access
>
> Can anyone help clear up my mystery, or indeed show me a better way to
> do what I want to do?