
iis ftp : Win2003 NTFS Security bypassed by FTP


Kyle Holladay
1/24/2005 6:57:02 PM
Here is what I did:
1) Created the following security groups:
FTPGuests
FTPPowerUsers
FTPSuperUsers
2) Added the user FTPguest to the FTPGuests security group
3) Under the security tab for the FTPSuperUsers folder I assigned "Full
Control" to the FTPSuperUsers security group and UNchecked "Allow inheritable
permissions..." and removed permission for all but FTPSuperUsers and SYSTEM.
4) When logged in to Windows 2003 as user FTPguest I get "Access is denied"
as I should

This is where it gets odd, remember I am CORRECTLY denied access to the
FTPSuperUsers folder when logged into Windows 2003 as FTPguest however when I
connect to ftp.mydomain.com as FTPguest I have full access to all folders
including the FTPSuperUsers.

Pete
1/27/2005 4:21:03 PM
Kyle,

What do you mean you have "full access"? Do you mean that you can read and
write to the folder that you log in to? Or does it mean that you can see the
contents of the folder?

When you log in via FTP, Microsoft FTP server will try to put you into a
folder within your FTP root that matches your user name. If it can't find
such a folder, it puts you in at the FTP root. There are some articles about
"FTP user isolation" in IIS on the Microsoft site as well as elsewhere on the
web.

--Pete

Bernard
2/1/2005 3:23:18 PM
Don't really get you. What's the effective NTFS permission of the folder?
And what's the username and folder name?

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
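
One way to answer the question about the folder's NTFS permissions, as an added example that is not part of the original thread: a PowerShell function that reports whether inheritance is still enabled on the folder and lists any allow entry for a principal other than the two kept in step 3. The function name, the folder path and the allowed-principal list are assumptions built from the names in the first post.

```powershell
# Added example: audit a folder's ACL against the lockdown described in step 3.
# Test-FolderLockdown is a hypothetical helper name; it only reads the ACL.
function Test-FolderLockdown {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Principals that step 3 left on the folder
        [string[]]$Allowed = @('FTPSuperUsers', 'SYSTEM')
    )

    $acl = Get-Acl -Path $Path
    $findings = @()

    # Unchecking "Allow inheritable permissions..." marks the DACL as protected.
    if (-not $acl.AreAccessRulesProtected) {
        $findings += "Inheritance is still enabled on $Path"
    }

    foreach ($ace in $acl.Access) {
        # IdentityReference reads DOMAIN\Name; compare on the Name part only.
        $name = ($ace.IdentityReference.Value -split '\\')[-1]
        if ($ace.AccessControlType -eq 'Allow' -and $Allowed -notcontains $name) {
            $findings += "Unexpected allow ACE: $($ace.IdentityReference) " +
                         "rights=$($ace.FileSystemRights) inherited=$($ace.IsInherited)"
        }
    }

    $findings
}

# Assumed location of the folder under the FTP root; adjust to the real path.
$folder = 'D:\ftproot\FTPSuperUsers'
if (Test-Path $folder) {
    $result = @(Test-FolderLockdown -Path $folder)
    if ($result.Count -eq 0) {
        "ACL on $folder matches the intended lockdown"
    } else {
        $result
    }
}
```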


