|
|
You're in the
iis ftp
group:FTP User Isolation and Websites
iis ftp:
Hi folks,
Right now we have our agency website sitting on an IIS 6.0 server (on Windows 2003 server Standard Edition). We also have other websites (all using same IP as main site) sitting on the same server but using virtual directories. We have separate individuals maintaining these various sites. What I'm attempting to do is use FTP user isolation so that each individual can ftp their website files only to their folder and not be able to view or access others' folders. What I'm having trouble wrapping my mind around in IIS is the connection between the FTP process and the inetpub/wwwroot. Here's how I'm figuring I need to do this. I place the website files in their separate directories under wwwroot. Example: website A and website B would be in separate directories in inetpub\wwwroot In IIS manager I create a separate FTP site using FTP user isolation for each website. For the home directory, I point it to the appropriate directory in wwwroot. Example: I create FTP Site A in IIS manager and point its' home directory to wwwroot/website A. My question is, how do I then set it up so that User A can access only the directory for website A and not website B? Am I on the right track? Many thanks for your help, Zach
More or less along the way.
I assume you are talking about standard user isolation and not AD integration isolation. Now, to get this work simple way is to configure web structure to map with ftp. a)setup this How To Set Up Isolated Ftp Site http://support.microsoft.com/?id=555018 2) so now you got userA, userB folder configure related NTFS permissions on those folder. say userA can only read&write on userA folder but not others, etc 3) Copy your webfiles to the new folder... 4) Map the different website root path to these user diectories. -- Regards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Zach Mathew" <zmathew@iccb.org> wrote in message news:ew3wD$NDHHA.4952@TK2MSFTNGP06.phx.gbl... > Hi folks, > > Right now we have our agency website sitting on an IIS 6.0 server (on > Windows 2003 server Standard Edition). We also have other websites (all > using same IP as main site) sitting on the same server but using virtual > directories. We have separate individuals maintaining these various > sites. What I'm attempting to do is use FTP user isolation so that each > individual can ftp their website files only to their folder and not be > able to view or access others' folders. > > What I'm having trouble wrapping my mind around in IIS is the connection > between the FTP process and the inetpub/wwwroot. Here's how I'm figuring > I need to do this. > > I place the website files in their separate directories under wwwroot. > Example: website A and website B would be in separate directories in > inetpub\wwwroot > > In IIS manager I create a separate FTP site using FTP user isolation for > each website. For the home directory, I point it to the appropriate > directory in wwwroot. > > Example: I create FTP Site A in IIS manager and point its' home directory > to wwwroot/website A. > > My question is, how do I then set it up so that User A can access only the > directory for website A and not website B? Am I on the right track? > > Many thanks for your help, > > Zach > > > > >
Hi Mathew
Just one quick question, a bit off topic but worth considering, are you using separate iis-user accounts for these diffrent sites? If you have iis-user modify on the folders you can then give access via ASP / ASP.NET or something other than can write in the other websites content. If using thesame account, the different sites will be able to read all the other sites webfiles via for example FSO. But if it is thesame customer, then well its ok i guess but if the plan is to have more than 1 site on one machine take a good long stare at the problem and understand what impact this will have in a later state as this is nothing fun and will take alot of time if it happends just to figure out what could have been wrong. BR Daniel Tiru [quoted text, click to view] "Zach Mathew" <zmathew@iccb.org> wrote in message
news:ew3wD$NDHHA.4952@TK2MSFTNGP06.phx.gbl... > Hi folks, > > Right now we have our agency website sitting on an IIS 6.0 server (on > Windows 2003 server Standard Edition). We also have other websites (all > using same IP as main site) sitting on the same server but using virtual > directories. We have separate individuals maintaining these various > sites. What I'm attempting to do is use FTP user isolation so that each > individual can ftp their website files only to their folder and not be > able to view or access others' folders. > > What I'm having trouble wrapping my mind around in IIS is the connection > between the FTP process and the inetpub/wwwroot. Here's how I'm figuring > I need to do this. > > I place the website files in their separate directories under wwwroot. > Example: website A and website B would be in separate directories in > inetpub\wwwroot > > In IIS manager I create a separate FTP site using FTP user isolation for > each website. For the home directory, I point it to the appropriate > directory in wwwroot. > > Example: I create FTP Site A in IIS manager and point its' home directory > to wwwroot/website A. > > My question is, how do I then set it up so that User A can access only the > directory for website A and not website B? Am I on the right track? > > Many thanks for your help, > > Zach > > > > >
Bernard,
Thank you for your detailed response. Yes, we are wanting to use standard user isolation and not AD. I think I follow what you are saying. However, I need to clarify one thing. We have one domain under which these various sites are operating under. For example, say site.org is the domain we own and the agency website is www.site.org. We then have other sites listed under that domain such as www.site.org/ged, www.site.org/techprep, www.site.org/adulted. This was done by creating the ged, techprep, and adulted directories under inetpub/wwwroot where the files for site.org reside. Then in IIS manager, I created virtual directories for each of those three sites and set the home directories to the ged, techprep, and adulted folders. Different individuals maintain the sites and need to be able to ftp the files to their directory. What I want is that they to be able to access only their directory and not the others' or the root directory where the agency website resides. That's where I'm running into trouble and was needing a bit of help. Do you think your steps 2-4 below will do the trick? Regards, Zach [quoted text, click to view] "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message news:uo1kuMUDHHA.3600@TK2MSFTNGP06.phx.gbl... > More or less along the way. > I assume you are talking about standard user isolation and not AD > integration isolation. > > Now, to get this work simple way is to configure web structure to map with > ftp. > a)setup this > How To Set Up Isolated Ftp Site > http://support.microsoft.com/?id=555018 > > 2) so now you got userA, userB folder > configure related NTFS permissions on those folder. say userA can only > read&write on userA folder but not others, etc > > 3) Copy your webfiles to the new folder... > > 4) Map the different website root path to these user diectories. > > > -- > Regards, > Bernard Cheah > http://www.iis.net/ > http://www.iis-resources.com/ > http://msmvps.com/blogs/bernard/ > > > "Zach Mathew" <zmathew@iccb.org> wrote in message > news:ew3wD$NDHHA.4952@TK2MSFTNGP06.phx.gbl... >> Hi folks, >> >> Right now we have our agency website sitting on an IIS 6.0 server (on >> Windows 2003 server Standard Edition). We also have other websites (all >> using same IP as main site) sitting on the same server but using virtual >> directories. We have separate individuals maintaining these various >> sites. What I'm attempting to do is use FTP user isolation so that each >> individual can ftp their website files only to their folder and not be >> able to view or access others' folders. >> >> What I'm having trouble wrapping my mind around in IIS is the connection >> between the FTP process and the inetpub/wwwroot. Here's how I'm figuring >> I need to do this. >> >> I place the website files in their separate directories under wwwroot. >> Example: website A and website B would be in separate directories in >> inetpub\wwwroot >> >> In IIS manager I create a separate FTP site using FTP user isolation for >> each website. For the home directory, I point it to the appropriate >> directory in wwwroot. >> >> Example: I create FTP Site A in IIS manager and point its' home directory >> to wwwroot/website A. >> >> My question is, how do I then set it up so that User A can access only >> the directory for website A and not website B? Am I on the right track? >> >> Many thanks for your help, >> >> Zach >> >> >> >> >> > >
Hey Daniel,
Yes, I created separate user accounts for each user that maintains a separate website. I think you are right, I need to play around with the user permissions on the folders. Thanks. Zach [quoted text, click to view] "Tiru" <daniel@tiru.se> wrote in message news:D62C3A68-F32D-45FB-BA06-C46365EA0CAE@microsoft.com... > Hi Mathew > > Just one quick question, a bit off topic but worth considering, are you > using separate iis-user accounts for these diffrent sites? If you have > iis-user modify on the folders you can then give access via ASP / ASP.NET > or something other than can write in the other websites content. If using > thesame account, the different sites will be able to read all the other > sites webfiles via for example FSO. > > But if it is thesame customer, then well its ok i guess but if the plan > is to have more than 1 site on one machine take a good long stare at the > problem and understand what impact this will have in a later state as this > is nothing fun and will take alot of time if it happends just to figure > out what could have been wrong. > > BR > Daniel Tiru > > > > "Zach Mathew" <zmathew@iccb.org> wrote in message > news:ew3wD$NDHHA.4952@TK2MSFTNGP06.phx.gbl... >> Hi folks, >> >> Right now we have our agency website sitting on an IIS 6.0 server (on >> Windows 2003 server Standard Edition). We also have other websites (all >> using same IP as main site) sitting on the same server but using virtual >> directories. We have separate individuals maintaining these various >> sites. What I'm attempting to do is use FTP user isolation so that each >> individual can ftp their website files only to their folder and not be >> able to view or access others' folders. >> >> What I'm having trouble wrapping my mind around in IIS is the connection >> between the FTP process and the inetpub/wwwroot. Here's how I'm figuring >> I need to do this. >> >> I place the website files in their separate directories under wwwroot. >> Example: website A and website B would be in separate directories in >> inetpub\wwwroot >> >> In IIS manager I create a separate FTP site using FTP user isolation for >> each website. For the home directory, I point it to the appropriate >> directory in wwwroot. >> >> Example: I create FTP Site A in IIS manager and point its' home directory >> to wwwroot/website A. >> >> My question is, how do I then set it up so that User A can access only >> the directory for website A and not website B? Am I on the right track? >> >> Many thanks for your help, >> >> Zach >> >> >> >> >> >
Yes, I think it would still apply.
you just need to tweak it further. so say ali is on www.site.org -> d:\ftp\localusers\ali\ then you got susan on /ged -> d:\ftp\localusers\susan so your webroot is point to d:\ftp\localusers\ali\ then create a virtual directory at the website and point it to d:\ftp\localusers\susan so this makes www.site.org/ged/ point to susan folder and with users isolation. ali and susan will only allow to access their own folders. of coz make sure you got the correct ntfs permissions configured. -- Regards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Zach Mathew" <zmathew@iccb.org> wrote in message news:Opu55QYDHHA.3476@TK2MSFTNGP04.phx.gbl... > Bernard, > > Thank you for your detailed response. Yes, we are wanting to use standard > user isolation and not AD. > > I think I follow what you are saying. However, I need to clarify one > thing. We have one domain under which these various sites are operating > under. For example, say site.org is the domain we own and the agency > website is www.site.org. We then have other sites listed under that > domain such as www.site.org/ged, www.site.org/techprep, > www.site.org/adulted. This was done by creating the ged, techprep, and > adulted directories under inetpub/wwwroot where the files for site.org > reside. Then in IIS manager, I created virtual directories for each of > those three sites and set the home directories to the ged, techprep, and > adulted folders. > > Different individuals maintain the sites and need to be able to ftp the > files to their directory. What I want is that they to be able to access > only their directory and not the others' or the root directory where the > agency website resides. That's where I'm running into trouble and was > needing a bit of help. Do you think your steps 2-4 below will do the > trick? > > Regards, > > Zach > > > > > > "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message > news:uo1kuMUDHHA.3600@TK2MSFTNGP06.phx.gbl... >> More or less along the way. >> I assume you are talking about standard user isolation and not AD >> integration isolation. >> >> Now, to get this work simple way is to configure web structure to map >> with ftp. >> a)setup this >> How To Set Up Isolated Ftp Site >> http://support.microsoft.com/?id=555018 >> >> 2) so now you got userA, userB folder >> configure related NTFS permissions on those folder. say userA can only >> read&write on userA folder but not others, etc >> >> 3) Copy your webfiles to the new folder... >> >> 4) Map the different website root path to these user diectories. >> >> >> -- >> Regards, >> Bernard Cheah >> http://www.iis.net/ >> http://www.iis-resources.com/ >> http://msmvps.com/blogs/bernard/ >> >> >> "Zach Mathew" <zmathew@iccb.org> wrote in message >> news:ew3wD$NDHHA.4952@TK2MSFTNGP06.phx.gbl... >>> Hi folks, >>> >>> Right now we have our agency website sitting on an IIS 6.0 server (on >>> Windows 2003 server Standard Edition). We also have other websites (all >>> using same IP as main site) sitting on the same server but using virtual >>> directories. We have separate individuals maintaining these various >>> sites. What I'm attempting to do is use FTP user isolation so that each >>> individual can ftp their website files only to their folder and not be >>> able to view or access others' folders. >>> >>> What I'm having trouble wrapping my mind around in IIS is the connection >>> between the FTP process and the inetpub/wwwroot. Here's how I'm >>> figuring I need to do this. >>> >>> I place the website files in their separate directories under wwwroot. >>> Example: website A and website B would be in separate directories in >>> inetpub\wwwroot >>> >>> In IIS manager I create a separate FTP site using FTP user isolation for >>> each website. For the home directory, I point it to the appropriate >>> directory in wwwroot. >>> >>> Example: I create FTP Site A in IIS manager and point its' home >>> directory to wwwroot/website A. >>> >>> My question is, how do I then set it up so that User A can access only >>> the directory for website A and not website B? Am I on the right track? >>> >>> Many thanks for your help, >>> >>> Zach >>> >>> >>> >>> >>> >> >> > >
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |