| Groups | Blog | Home |
iis ftp : anonymous read only vs users full control
I have setup an FTP site on a Windows 2003 Server and I need some help
configuring it so that it allows anonymous users Read only but any authenticated users that are in the ACL full control. It seems that if I turn on Read Only, it applies it to everyone including anonymous. If i turn off Ready Only, it also applies it to everyone.
I did that but it's still allowing the anonymous user to write, delete, etc.
[quoted text, click to view] "Bernard Cheah [MVP]" wrote:
> You should control it at NTFS level. > Go to the physical folder where the FTP site mapped to, then control the > ACLs there > Grant - iusr_computername (default anonymous account) READ > then - youruser (any user account) READ/WRITE/FULL Control/ETC > > -- > Regards, > Bernard Cheah > http://www.iis-resources.com/ > http://www.iiswebcastseries.com/ > http://msmvps.com/blogs/bernard/ > > > "Gilbert" <Gilbert@discussions.microsoft.com> wrote in message > news:D05F130A-D0EA-48AF-8A93-DA594AB5A6A3@microsoft.com... > >I have setup an FTP site on a Windows 2003 Server and I need some help > > configuring it so that it allows anonymous users Read only but any > > authenticated users that are in the ACL full control. > > > > It seems that if I turn on Read Only, it applies it to everyone including > > anonymous. If i turn off Ready Only, it also applies it to everyone. > > > > Is there a way to separate them? > >
Open up IIS manager, right click the FTP site, select properties, select the
Home Directory Tab. Is there a check mark in the write box? If so then uncheck it. Either that or you will have to configure the user permissions accordingly in the Server Management. I hope this helps [quoted text, click to view] "Gilbert" wrote:
> I did that but it's still allowing the anonymous user to write, delete, etc. > > "Bernard Cheah [MVP]" wrote: > > > You should control it at NTFS level. > > Go to the physical folder where the FTP site mapped to, then control the > > ACLs there > > Grant - iusr_computername (default anonymous account) READ > > then - youruser (any user account) READ/WRITE/FULL Control/ETC > > > > -- > > Regards, > > Bernard Cheah > > http://www.iis-resources.com/ > > http://www.iiswebcastseries.com/ > > http://msmvps.com/blogs/bernard/ > > > > > > "Gilbert" <Gilbert@discussions.microsoft.com> wrote in message > > news:D05F130A-D0EA-48AF-8A93-DA594AB5A6A3@microsoft.com... > > >I have setup an FTP site on a Windows 2003 Server and I need some help > > > configuring it so that it allows anonymous users Read only but any > > > authenticated users that are in the ACL full control. > > > > > > It seems that if I turn on Read Only, it applies it to everyone including > > > anonymous. If i turn off Ready Only, it also applies it to everyone. > > > > > > Is there a way to separate them? > > > >
I don't think so. unless the anonymous account has WRITE permission, the
account can't write/delete etc What's the ACLs of those folder/files system - full administrator - full iusr - ???? xxxx ???? -- Regards, Bernard Cheah http://www.iis-resources.com/ http://www.iiswebcastseries.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Gilbert" <Gilbert@discussions.microsoft.com> wrote in message news:E994607D-C0A2-4D13-AEDB-6AE88718C01A@microsoft.com... >I did that but it's still allowing the anonymous user to write, delete, >etc. > > "Bernard Cheah [MVP]" wrote: > >> You should control it at NTFS level. >> Go to the physical folder where the FTP site mapped to, then control the >> ACLs there >> Grant - iusr_computername (default anonymous account) READ >> then - youruser (any user account) READ/WRITE/FULL Control/ETC >> >> -- >> Regards, >> Bernard Cheah >> http://www.iis-resources.com/ >> http://www.iiswebcastseries.com/ >> http://msmvps.com/blogs/bernard/ >> >> >> "Gilbert" <Gilbert@discussions.microsoft.com> wrote in message >> news:D05F130A-D0EA-48AF-8A93-DA594AB5A6A3@microsoft.com... >> >I have setup an FTP site on a Windows 2003 Server and I need some help >> > configuring it so that it allows anonymous users Read only but any >> > authenticated users that are in the ACL full control. >> > >> > It seems that if I turn on Read Only, it applies it to everyone >> > including >> > anonymous. If i turn off Ready Only, it also applies it to everyone. >> > >> > Is there a way to separate them? >> >> >>
You should control it at NTFS level.
Go to the physical folder where the FTP site mapped to, then control the ACLs there Grant - iusr_computername (default anonymous account) READ then - youruser (any user account) READ/WRITE/FULL Control/ETC -- Regards, Bernard Cheah http://www.iis-resources.com/ http://www.iiswebcastseries.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Gilbert" <Gilbert@discussions.microsoft.com> wrote in message news:D05F130A-D0EA-48AF-8A93-DA594AB5A6A3@microsoft.com... >I have setup an FTP site on a Windows 2003 Server and I need some help > configuring it so that it allows anonymous users Read only but any > authenticated users that are in the ACL full control. > > It seems that if I turn on Read Only, it applies it to everyone including > anonymous. If i turn off Ready Only, it also applies it to everyone. > > Is there a way to separate them?
Ok, I figured it out. The permissions were as follows:
Admins --Full control System --full control IUSR --Read, Read & Execute, List contents Users --Read, Read & Execute, List contents, special permissions (inherited from above). Special permissions =Create files/write data, create folders/append data The key was the "special permissions" that Users had. IUSR is considerd a user so it was also getting the permissions that Users were getting. I removed the Users group from the list and now it works. Yeay!!! [quoted text, click to view] "Bernard Cheah [MVP]" wrote:
> I don't think so. unless the anonymous account has WRITE permission, the > account can't write/delete etc > What's the ACLs of those folder/files > > system - full > administrator - full > iusr - ???? > xxxx ???? > > -- > Regards, > Bernard Cheah > http://www.iis-resources.com/ > http://www.iiswebcastseries.com/ > http://msmvps.com/blogs/bernard/ > > > "Gilbert" <Gilbert@discussions.microsoft.com> wrote in message > news:E994607D-C0A2-4D13-AEDB-6AE88718C01A@microsoft.com... > >I did that but it's still allowing the anonymous user to write, delete, > >etc. > > > > "Bernard Cheah [MVP]" wrote: > > > >> You should control it at NTFS level. > >> Go to the physical folder where the FTP site mapped to, then control the > >> ACLs there > >> Grant - iusr_computername (default anonymous account) READ > >> then - youruser (any user account) READ/WRITE/FULL Control/ETC > >> > >> -- > >> Regards, > >> Bernard Cheah > >> http://www.iis-resources.com/ > >> http://www.iiswebcastseries.com/ > >> http://msmvps.com/blogs/bernard/ > >> > >> > >> "Gilbert" <Gilbert@discussions.microsoft.com> wrote in message > >> news:D05F130A-D0EA-48AF-8A93-DA594AB5A6A3@microsoft.com... > >> >I have setup an FTP site on a Windows 2003 Server and I need some help > >> > configuring it so that it allows anonymous users Read only but any > >> > authenticated users that are in the ACL full control. > >> > > >> > It seems that if I turn on Read Only, it applies it to everyone > >> > including > >> > anonymous. If i turn off Ready Only, it also applies it to everyone. > >> > > >> > Is there a way to separate them? > >> > >> > >> > >
Yay!!!!
[quoted text, click to view] "Gilbert" wrote:
> Ok, I figured it out. The permissions were as follows: > Admins --Full control > System --full control > IUSR --Read, Read & Execute, List contents > Users --Read, Read & Execute, List contents, special permissions (inherited > from above). Special permissions =Create files/write data, create > folders/append data > > The key was the "special permissions" that Users had. IUSR is considerd a > user so it was also getting the permissions that Users were getting. I > removed the Users group from the list and now it works. > > Yeay!!! > > "Bernard Cheah [MVP]" wrote: > > > I don't think so. unless the anonymous account has WRITE permission, the > > account can't write/delete etc > > What's the ACLs of those folder/files > > > > system - full > > administrator - full > > iusr - ???? > > xxxx ???? > > > > -- > > Regards, > > Bernard Cheah > > http://www.iis-resources.com/ > > http://www.iiswebcastseries.com/ > > http://msmvps.com/blogs/bernard/ > > > > > > "Gilbert" <Gilbert@discussions.microsoft.com> wrote in message > > news:E994607D-C0A2-4D13-AEDB-6AE88718C01A@microsoft.com... > > >I did that but it's still allowing the anonymous user to write, delete, > > >etc. > > > > > > "Bernard Cheah [MVP]" wrote: > > > > > >> You should control it at NTFS level. > > >> Go to the physical folder where the FTP site mapped to, then control the > > >> ACLs there > > >> Grant - iusr_computername (default anonymous account) READ > > >> then - youruser (any user account) READ/WRITE/FULL Control/ETC > > >> > > >> -- > > >> Regards, > > >> Bernard Cheah > > >> http://www.iis-resources.com/ > > >> http://www.iiswebcastseries.com/ > > >> http://msmvps.com/blogs/bernard/ > > >> > > >> > > >> "Gilbert" <Gilbert@discussions.microsoft.com> wrote in message > > >> news:D05F130A-D0EA-48AF-8A93-DA594AB5A6A3@microsoft.com... > > >> >I have setup an FTP site on a Windows 2003 Server and I need some help > > >> > configuring it so that it allows anonymous users Read only but any > > >> > authenticated users that are in the ACL full control. > > >> > > > >> > It seems that if I turn on Read Only, it applies it to everyone > > >> > including > > >> > anonymous. If i turn off Ready Only, it also applies it to everyone. > > >> > > > >> > Is there a way to separate them? > > >> > > >> > > >> > > > >
Told you........ :)
It's either the permissions were granted specifically to the user or inherit from group permissions where the user belong to. -- Regards, Bernard Cheah http://www.iis-resources.com/ http://www.iiswebcastseries.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Gilbert" <Gilbert@discussions.microsoft.com> wrote in message news:E72FF55F-803E-4272-9FF1-7BB57F7D7C1C@microsoft.com... > Ok, I figured it out. The permissions were as follows: > Admins --Full control > System --full control > IUSR --Read, Read & Execute, List contents > Users --Read, Read & Execute, List contents, special permissions > (inherited > from above). Special permissions =Create files/write data, create > folders/append data > > The key was the "special permissions" that Users had. IUSR is considerd a > user so it was also getting the permissions that Users were getting. I > removed the Users group from the list and now it works. > > Yeay!!! > > "Bernard Cheah [MVP]" wrote: > >> I don't think so. unless the anonymous account has WRITE permission, the >> account can't write/delete etc >> What's the ACLs of those folder/files >> >> system - full >> administrator - full >> iusr - ???? >> xxxx ???? >> >> -- >> Regards, >> Bernard Cheah >> http://www.iis-resources.com/ >> http://www.iiswebcastseries.com/ >> http://msmvps.com/blogs/bernard/ >> >> >> "Gilbert" <Gilbert@discussions.microsoft.com> wrote in message >> news:E994607D-C0A2-4D13-AEDB-6AE88718C01A@microsoft.com... >> >I did that but it's still allowing the anonymous user to write, delete, >> >etc. >> > >> > "Bernard Cheah [MVP]" wrote: >> > >> >> You should control it at NTFS level. >> >> Go to the physical folder where the FTP site mapped to, then control >> >> the >> >> ACLs there >> >> Grant - iusr_computername (default anonymous account) READ >> >> then - youruser (any user account) READ/WRITE/FULL Control/ETC >> >> >> >> -- >> >> Regards, >> >> Bernard Cheah >> >> http://www.iis-resources.com/ >> >> http://www.iiswebcastseries.com/ >> >> http://msmvps.com/blogs/bernard/ >> >> >> >> >> >> "Gilbert" <Gilbert@discussions.microsoft.com> wrote in message >> >> news:D05F130A-D0EA-48AF-8A93-DA594AB5A6A3@microsoft.com... >> >> >I have setup an FTP site on a Windows 2003 Server and I need some >> >> >help >> >> > configuring it so that it allows anonymous users Read only but any >> >> > authenticated users that are in the ACL full control. >> >> > >> >> > It seems that if I turn on Read Only, it applies it to everyone >> >> > including >> >> > anonymous. If i turn off Ready Only, it also applies it to >> >> > everyone. >> >> > >> >> > Is there a way to separate them? >> >> >> >> >> >> >> >> >>
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |