Whah

Restricting FTP access to home directory. Windows 2000. IIS.

Info:

1. I created a user on my webserver called, "user1".

2. I created a folder in the FTP home directory (C:\clients) called, "user1".

3. The user is able to FTP into my webserver with the login: "user1". The user's root directory is (C:\clients\user1).

4. The user is also able to cd up to the FTP home directory (C:\clients), and back down into all sub-directories (C:\clients\user0, C:\clients\user2, et cetera).

Issue:

The issue is (4); I do not want the user to be able to move out of his or her home directory.

Stipulations:

1. I have dozens and dozens of logins; I would rather not change any permissions on the FTP root directory, or any of the other sub-directories. However - if this is the only way to complete this task; so be it.

2. I'd rather not bring into play any other third-party software.

Thank you much!

Whah.
ASKER CERTIFIED SOLUTION
meverest
Whah

ASKER

meverest,

Thank you for your reply.

If I move my 'Default FTP Site -> Home Directory' from; 'C:\clients', to 'C:\ftproot', wouldn't that ruin all the other users I have? Would I then need to create VD's for every user that is in 'C:\clients'?

This is the situation I am trying to avoid.

Whah!

Whah,

Meverest is dead on with his answer.

You will need to set proper NTFS permissions on each home directory to truly restrict access by other users.

You can hide the users folder by using virtual directories but you would have to create a vdir for each user.  This is security through obscurity.

Or you can do both and go for defense in depth.

If you want a true solution to this issue I would suggest looking into Windows Server 2003.  The FTP service with IIS 6.0 has two new isolation models that would fit your needs perfectly.

Dave Dietz

>> Would I then need to create VD's for every user that is in 'C:\clients'?

Yes. Check out c:/inetpub/AdminScripts for examples of how to script the virtual folder setup.

Regards.
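
An added example (not posted by anyone in this thread) of scripting the per-directory NTFS permissions Dave Dietz describes, using `cacls`, which ships with Windows 2000. It assumes every folder directly under `C:\clients` is named after its FTP login, that login names contain no spaces, and that Administrators and SYSTEM should keep Full Control; the `DRYRUN` variable and the `:lockdown` and `:show` labels are names chosen for this example.

```bat
@echo off
rem Added example, not from the thread. Assumptions: every folder directly
rem under C:\clients is named after its FTP login (as with "user1" above),
rem login names contain no spaces, and Administrators and SYSTEM keep
rem Full Control on every home directory.
setlocal
set FTPROOT=C:\clients
rem Leave DRYRUN=1 to only print the commands; set it to 0 to apply them.
set DRYRUN=1

rem Walk each home directory and pass its full path and its folder name
rem (which doubles as the login name) to the lockdown routine.
for /D %%D in ("%FTPROOT%\*") do call :lockdown "%%~fD" "%%~nxD"
goto :eof

:lockdown
rem %1 = home directory (quoted), %2 = login that owns it
if "%DRYRUN%"=="1" goto :show
rem Without /E, cacls replaces the ACL instead of editing it, so any account
rem not listed here loses access. /T applies the change to the folder's
rem contents, /C continues past access-denied errors, and "echo y" answers
rem the confirmation prompt cacls shows when replacing an ACL.
echo y| cacls %1 /T /C /G Administrators:F SYSTEM:F %~2:C
rem Print the resulting ACL so it can be checked by eye.
cacls %1
goto :eof

:show
echo cacls %1 /T /C /G Administrators:F SYSTEM:F %~2:C
goto :eof
```

Run it once with `DRYRUN=1` and read the printed commands before applying them, then log in as one user over FTP and confirm that listing another user's folder is refused.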