IIS 5.0 default security permissions

[vectorw16]

Quick question,

What is the best security settings for IIS 5.0 web folders (Multiple web sites) with IIS ftp ?

For now I have some everyone full control and I don't like it at all.

What about admin & system (full control) + creating a group with IUSR & IWAM account and give it modify permission on the web site folder and then give the ftp user account modify permission too ?

Is it secure enough ? Can I give IUSR & IWAM read only permission on all web folders ? Or this will prevent scripts from running ?

Thanks for your advices

 

[zerkat]

Hi,

You are correct, DO NOT use the everyone account and give it full access EVER.

Without knowing the specifics of your set up, I can offer you this general advice. Usually you can use the IUSR account with read access and everything should work fine including your scripts. However, depending upon what kind of scripts you use you might need to further refine the permissions for those.

Hope this helps.

 

[vectorw16]

Thanks for the advice !

I've a couple of web site on my server ! Often simple html pages.

But I've some web page with Front Page Ext !

And some page connect to a mysql server.

I've done some testing and I need to give a bit more than read only to those last 2.

The main problem I wanted to fix was the possibility for ftp user to CD to other users virtual folder once logged !

I didn't install this server but I think this was a major security problem.