FTP Folder Permissions 1

[mrpib]

Hi,

I've setup a ftp server using IIS 5 for clients to log directly to their own folder. The security settings for clients folders are as follows: local administrator & the user accessing that particular folder with full rights. In a FTP client software, they are able to go the root of that folder if they chose " / " and see all other folders but are restricted from entering other clients folders. How can I restrict them from even getting into the root to view the other folders? Right now the root security is set full for administrator & local users.

Thanks in advance.

 

[ornae]

This is just a guess since IIS 5 ftp is such a pain to configure.....but have you tried setting each user's home directory from the MMC? You'd have to do it in each user's machine account, I would think.

-Dan

 

[ChrisHirst]

Create a username and a virtual folder under the Default FTP site with the same name,
eg;

username user1
ftp VF user1

point this virtual folder to the root folder for the respective website (I make the logs available over FTP)

like so

Websites Admin FTP points here
|
|--user1 FTP for user1 points here
| |
| |--logs
| |
| |--www website for user1 folders
|
|--user2
| |
| |--logs
| |
| |--www


Point the default FTP site to an empty folder with read permissions only (stop warez hackers dumping files etc) and it stops users going up the tree.
Create an Admin user name and VF, make the Admin FTP VF point to the websites root.


Chris.


Indifference will be the downfall of mankind, but who cares?

 

[Knutern]

Very nice tip ChrisHirst. I implemented it at things looked fine. But, there's one drawback, when the user changes to root directory, his folder is not being listed. So in order to reenter "home-directory" the user needs to type to enter back.

How can i overcome this?

Cheers
Knutern

 

[mst3k]

They need to go to a read-only folder if they CD up from theirs. If not, just like he said before they will dump files, and try to get to where they shouldn't be. Unfortuantely, you cannot remove or deny the everyone group of that user from the folder above it, due to directory traverse checking (they would not be able to login)

 

[zxmax777777]

quick question for Chris's diagram

where do you create that user name name ? in computer management >> users and groups ?
if yes how would you distinguish which user goes to which folder , is by address ? eg : the user1 will use this as a host name " mywebsite.com/user1" and user2 will use this " mywebsite.com/user2 "

i'm just confused a bit there

thanks guys

 

[ChrisHirst]

create the usernames in user and groups and the users are directed by creating a virtual folder with the same name as the username.

And the hostname would be exactly that, unless you add more hostnames and hostheaders pointing to the users folder.




Chris.

Indifference will be the downfall of mankind, but who cares?

http://www.candsdesign.co.uk

A website that proves the cobblers kids adage.

http://www.cram-system.com

Nightclub counting systems

So long, and thanks for all the fish.