|
|
You're in the
iis security
group:IIS folder structure and security.
iis security:
Hi,
Been browsing for some information about how I should organize our Windows 2003 servers running IIS6. Whith organize I mean which folder structure we should use and to to make it secure. The structure I have atm looks like this: D:\Websites ..=2E. D:\Websites\domain1.com D:\Websites\domain1.com\www D:\Websites\domain1.com\db ..=2E. D:\Websites\domain2.com D:\Websites\domain2.com\www D:\Websites\domain2.com\db and so on for each domain on the server. In the IIS each site have it's root to the 'www' folder. I.e the site for the domain domain1.com points to the folder D:\Websites\domain1.com\www. The server is a shared webhosting server with all kinds of customers with different domains. I dont use the IIS FTP so I dont have to worry that users can change/delete files from other users directories that way. But what I wonder is, can the user with domain1.com execute a script that he put in D:\Websites\domain1.com\www that in some way could access the files in D:\Websites\domain2.com\www? If so, which would be the best way to fix this? Do I have to create Windows accounts and set NTFS permissions on each customers folder? Any id=E9as, comments or thoughts on this would be appreciated. Best regards Erik Droszcz
Yes, it's possible, with a lax NTFS security scheme, for a user of site1 to
access files in other sites with, say, FileSystemObject. This could lead to some shenanigans. The way I'd deal with this would be to add a unique user account for each separate user, and a group which you can add the users to for blanket permissions. then make sure only the appropriate user account has rights on their set of folders. If they then tried to cross the boundary into another site, they'd immediately be denied. It sounds hard to set up at first, but once you get going with it it's really not too hard. -- Jason Brown Microsoft GTSC, IIS This posting is provided "AS IS" with no warranties, and confers no rights. [quoted text, click to view] <edroszcz@gmail.com> wrote in message Hi,news:1113603977.291868.73260@g14g2000cwa.googlegroups.com... Been browsing for some information about how I should organize our Windows 2003 servers running IIS6. Whith organize I mean which folder structure we should use and to to make it secure. The structure I have atm looks like this: D:\Websites .... D:\Websites\domain1.com D:\Websites\domain1.com\www D:\Websites\domain1.com\db .... D:\Websites\domain2.com D:\Websites\domain2.com\www D:\Websites\domain2.com\db and so on for each domain on the server. In the IIS each site have it's root to the 'www' folder. I.e the site for the domain domain1.com points to the folder D:\Websites\domain1.com\www. The server is a shared webhosting server with all kinds of customers with different domains. I dont use the IIS FTP so I dont have to worry that users can change/delete files from other users directories that way. But what I wonder is, can the user with domain1.com execute a script that he put in D:\Websites\domain1.com\www that in some way could access the files in D:\Websites\domain2.com\www? If so, which would be the best way to fix this? Do I have to create Windows accounts and set NTFS permissions on each customers folder? Any idéas, comments or thoughts on this would be appreciated. Best regards Erik Droszcz
nope, an ISAPi filter wouldn't be any good. it operates in the wrong layer
you can change the app pool identity, i.e. have w3wp.exe running under different accounts. -- Jason Brown Microsoft GTSC, IIS This posting is provided "AS IS" with no warranties, and confers no rights. [quoted text, click to view] <edroszcz@gmail.com> wrote in message | Ok, I was hoping this could be done without the need to create actualnews:1113641330.829929.213540@g14g2000cwa.googlegroups.com... | Windows accounts. It would be so sweet if it could done some other way. | Maby with some ISAPI filter for the IIS that would block scripts to | access resources outsite it's on directory. | | But even if you would create separate users for each website, the | w3wp.exe process is still run under the same user for all websites. I | am not really sure exactly what that user have access to. But is there | any chance scripts can gain access to files outside it's own directory | since all sites use w3wp.exe? |
Ok, I was hoping this could be done without the need to create actual
Windows accounts. It would be so sweet if it could done some other way. Maby with some ISAPI filter for the IIS that would block scripts to access resources outsite it's on directory. But even if you would create separate users for each website, the w3wp.exe process is still run under the same user for all websites. I am not really sure exactly what that user have access to. But is there any chance scripts can gain access to files outside it's own directory since all sites use w3wp.exe?
Ohh, ok.
Well, thanks for your comments! You know how webhosting companies usualy handle this (that run Windows server and IIS that is)? I mean, most companies have some kind of administration system that adds/removes the websites on the server itself. I wonder if they also create a separate Windows user account for each new IIS website they add. Do you know anything about it?
For security when hosting multiple customer sites, you can assign a unique
user to act as the anonymous account for each site. Then you ACL with that unique anonymous account and get the seperation. You can set AppPools to run under a different identity as well.. -Chris [quoted text, click to view] "edroszcz" wrote:
> Ohh, ok. > > Well, thanks for your comments! > > You know how webhosting companies usualy handle this (that run Windows > server and IIS that is)? I mean, most companies have some kind of > administration system that adds/removes the websites on the server > itself. I wonder if they also create a separate Windows user account > for each new IIS website they add. > > Do you know anything about it? >
I should have read this before posting; is there a through documentation
available on setting up unique accounts and not letting them access other folders? [quoted text, click to view] "Jason Brown [MSFT]" wrote:
> Yes, it's possible, with a lax NTFS security scheme, for a user of site1 to > access files in other sites with, say, FileSystemObject. This could lead to > some shenanigans. > > The way I'd deal with this would be to add a unique user account for each > separate user, and a group which you can add the users to for blanket > permissions. then make sure only the appropriate user account has rights on > their set of folders. If they then tried to cross the boundary into another > site, they'd immediately be denied. > > It sounds hard to set up at first, but once you get going with it it's > really not too hard. > > > -- > Jason Brown > Microsoft GTSC, IIS > > This posting is provided "AS IS" with no warranties, and confers no rights. > > > > <edroszcz@gmail.com> wrote in message > news:1113603977.291868.73260@g14g2000cwa.googlegroups.com... > Hi, > > Been browsing for some information about how I should organize our > Windows 2003 servers running IIS6. Whith organize I mean which folder > structure we should use and to to make it secure. > > The structure I have atm looks like this: > > D:\Websites > .... > D:\Websites\domain1.com > D:\Websites\domain1.com\www > D:\Websites\domain1.com\db > .... > D:\Websites\domain2.com > D:\Websites\domain2.com\www > D:\Websites\domain2.com\db > > and so on for each domain on the server. > > In the IIS each site have it's root to the 'www' folder. I.e the site > for the domain domain1.com points to the folder > D:\Websites\domain1.com\www. > > The server is a shared webhosting server with all kinds of customers > with different domains. I dont use the IIS FTP so I dont have to worry > that users can change/delete files from other users directories that > way. > > But what I wonder is, can the user with domain1.com execute a script > that he put in D:\Websites\domain1.com\www that in some way could > access the files in D:\Websites\domain2.com\www? > > If so, which would be the best way to fix this? Do I have to create > Windows accounts and set NTFS permissions on each customers folder? > > Any idéas, comments or thoughts on this would be appreciated. > > Best regards > Erik Droszcz > >
On Wed, 20 Apr 2005 00:35:01 -0700, "Savas"
[quoted text, click to view] <Savas@discussions.microsoft.com> wrote: >I should have read this before posting; is there a through documentation >available on setting up unique accounts and not letting them access other >folders? That's basic Windows security, not limited to IIS so a decent Windows administration book should cover it. Also take a look at: http://www.microsoft.com/serviceproviders/microsoftsolutions/sharedhostingguide.asp http://www.microsoft.com/serviceproviders/webhosting/default.asp And the forums l,ocated there and at asp.net. Jeff [quoted text, click to view] >"Jason Brown [MSFT]" wrote:
> >> Yes, it's possible, with a lax NTFS security scheme, for a user of site1 to >> access files in other sites with, say, FileSystemObject. This could lead to >> some shenanigans. >> >> The way I'd deal with this would be to add a unique user account for each >> separate user, and a group which you can add the users to for blanket >> permissions. then make sure only the appropriate user account has rights on >> their set of folders. If they then tried to cross the boundary into another >> site, they'd immediately be denied. >> >> It sounds hard to set up at first, but once you get going with it it's >> really not too hard. >> >> >> -- >> Jason Brown >> Microsoft GTSC, IIS >> >> This posting is provided "AS IS" with no warranties, and confers no rights. >> >> >> >> <edroszcz@gmail.com> wrote in message >> news:1113603977.291868.73260@g14g2000cwa.googlegroups.com... >> Hi, >> >> Been browsing for some information about how I should organize our >> Windows 2003 servers running IIS6. Whith organize I mean which folder >> structure we should use and to to make it secure. >> >> The structure I have atm looks like this: >> >> D:\Websites >> .... >> D:\Websites\domain1.com >> D:\Websites\domain1.com\www >> D:\Websites\domain1.com\db >> .... >> D:\Websites\domain2.com >> D:\Websites\domain2.com\www >> D:\Websites\domain2.com\db >> >> and so on for each domain on the server. >> >> In the IIS each site have it's root to the 'www' folder. I.e the site >> for the domain domain1.com points to the folder >> D:\Websites\domain1.com\www. >> >> The server is a shared webhosting server with all kinds of customers >> with different domains. I dont use the IIS FTP so I dont have to worry >> that users can change/delete files from other users directories that >> way. >> >> But what I wonder is, can the user with domain1.com execute a script >> that he put in D:\Websites\domain1.com\www that in some way could >> access the files in D:\Websites\domain2.com\www? >> >> If so, which would be the best way to fix this? Do I have to create >> Windows accounts and set NTFS permissions on each customers folder? >> >> Any idéas, comments or thoughts on this would be appreciated. >> >> Best regards >> Erik Droszcz >> >> >>
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |