Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

FTP server override NTFS permissions

Status
Not open for further replies.
jonathonoss

jonathonoss

MIS
Jan 8, 2002
23
0
0
US
I have a situation where I set the IUSR_MACHINENAME account to have read-only NTFS permissions for a directory (also explicity denying write), meanwhile in the FTP snapin, IUSR_MACHINENAME is the account for anonymous logins, and there is write and read access set for all logins.

My problem is that the anonymous account can do whatever it wants, although I have specified NTFS permissions to be more restrictive. I even explicitly deny all NTFS permissions to the anonymous user, yet the anonymous user can still do anything it wants.

Yes, I have checked a hundred times that the virtual root is pointing to the right directory, and again, the IUSR-MACHINENAME account in the NTFS permissions matches the anonymous user in the FTP Snapin.

I have set the same scenario up on other W2K SP2 machines (server and workstation), and I can successfully deny write access to the anonymous user (while allowing write access to whomever I specify in the NTFS permissions). But why won't it work on the important FTP server? I have restarted the FTP server, reinstalled the FTP server, restarted the machine, but nothing works. I really don't want to (and shouldn't have to) reinstall W2K.

I have spent way too much time on this seemingly simple problem. I am baffled as to why this won't work on the machine I need it to work! Any ideas?

Thanks,

Jon
 
Sort by date Sort by votes
Jon,
Have you checked the FTP virtual directory permissions? When you created the virtual directory, you should have chosen to give read permissions only to the virtual directory. Be sure that write is not checked. I found that when creating a virtual directory, the permissions you give to the virtual directory override the NTFS permissions you put on the actual folder where the data is stored.

Hope this is the answer you are looking for.
 
Upvote 0 Downvote
Thanks for your reply.

I just checked the FTP server to test the permissions again, and now it works. No one has touched it since I wrote the initial message. I don't know why it didn't work then but works now. Right before I wrote the message, I logged in as the anonymous user to test the NTFS permissions and that is it. I have not changed permissions or anything.

In response to your reply, if I am not mistaken, the permissions granted will be the most restrictive of the NTFS permissions and the permissions (read or write) for the FTP site.

I should be able to check 'write' permissions in the FTP snapin, and then for the NTFS permissions select 'read' and 'write' for user 'A', and 'read' for user 'B'. The result for user 'B' should be 'read' only as it is the most restrictive permission between the NTFS and FTP snapin permissions. User 'A', on the other hand, would be able to 'read' and 'write'.

Jon
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MaioMaio
  • Question
Server Remote Desktop License
Replies
0
Views
104
MaioMaio
MaioMaio
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
119
Aquiles Vidal
Aquiles Vidal
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
144
DrB0b
DrB0b
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
144
suncit
suncit
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
99
antonio_dsanchez
antonio_dsanchez

Part and Inventory Search

Sponsor

Back
Top