
iis ftp : FTP root directory security



probcdc
5/26/2006 11:23:04 AM
running an ftp site - IIS60/Windows Server 03

several users are set up to log in via Active Dir, each having their
own user account and password. when they log in they are directly sent
to a folder matching the username. BUT they can still browse up to
the root directory and then open any folder, which is not desirable.
the usernames are not listed in the permissions for the ftproot at all.
nor the directory above it and inheritance is turned off at all
levels. no virtual directories are set up and all physical folders are
ok! one caveat is that all ftp users are set up under a separate OU.
i'm drowning...
jeff.nospam NO[at]SPAM zina.com
5/27/2006 3:40:58 PM
On 26 May 2006 11:23:04 -0700, "probcdc" <probertson@cdc-usa.com>

Usernames don't need to be listed if a group they are a member of has
permission.

Bernard Cheah [MVP]
5/29/2006 12:00:00 AM
This is a known behavior with IIS 5. With IIS 6, you can utilize the user
isolation feature, which will keep the users at their home directories...
How To Set Up Isolated Ftp Site
http://support.microsoft.com/?id=555018


--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/



probcdc
5/30/2006 6:55:49 AM
looks like a good feature for iis60 - but it appears that you cannot
adjust it once the site is up and running. creating a new site is the
only way

thanks for your help!
Robin Walker [MVP]
5/30/2006 4:39:39 PM

Yes, just "stop" the old site on port 21, then define and start the new
"isolated-users" site on Port 21.

It takes quite a while to set up an isolated-users site, as you have to
create home directories and assign permissions to each of them, so you could
initially trial the isolated-users site on a port other than 21 in parallel
with the old service.

--
Robin Walker [MVP Networking]
rdhw@cam.ac.uk

Bernard Cheah [MVP]
5/31/2006 12:00:00 AM
You can, but creating a new one is easier and faster. If you insist, you can
try.
http://technet2.microsoft.com/WindowsServer/en/Library/aed30345-5110-4de9-b5f5-3c6278d057ef1033.mspx?mfr=true


--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/
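
The group-membership point raised earlier in the thread can be checked on the server itself. The PowerShell below is an added example, not code from any poster in this thread: it lists ACL entries on the FTP root and its first-level folders that grant directory listing to groups every FTP user belongs to. The function name `Get-BroadFtpAccess` and the default path `C:\Inetpub\ftproot` are assumptions; it needs PowerShell 3.0 or later.

```powershell
# Added example (not from the thread). Reports Allow entries that let broad
# groups list the FTP root or its first-level folders.
function Get-BroadFtpAccess {
    param(
        [string]$FtpRoot = 'C:\Inetpub\ftproot'   # assumed path, adjust to your site
    )

    # Well-known SIDs of groups that any authenticated FTP user is a member of.
    $broadSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    $listRight   = [System.Security.AccessControl.FileSystemRights]::ListDirectory
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType     = [System.Security.Principal.SecurityIdentifier]

    $folders = @(Get-Item -LiteralPath $FtpRoot) +
               @(Get-ChildItem -LiteralPath $FtpRoot -Directory)

    foreach ($folder in $folders) {
        $acl = Get-Acl -LiteralPath $folder.FullName
        # Request rules keyed by SID so localized or renamed groups still match.
        foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $rule.IdentityReference.Value
            # RID 513 is the Domain Users group of whichever domain issued the SID.
            $isBroad = $broadSids.ContainsKey($sid) -or ($sid -match '^S-1-5-21-.+-513$')
            $applies = -not ($rule.PropagationFlags -band $inheritOnly)
            $allows  = ($rule.AccessControlType -eq 'Allow') -and
                       ($rule.FileSystemRights -band $listRight)
            if ($isBroad -and $applies -and $allows) {
                [pscustomobject]@{
                    Folder    = $folder.FullName
                    Sid       = $sid
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

Get-BroadFtpAccess | Format-Table -AutoSize
```

Any row returned means users can list that folder through a group even though their own account is not named in the ACL. Entries that use generic access bits instead of specific file rights are not decoded by this check.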

