madasczik

asked on

IIS6 FTP User Isolation Modes / Win2k3

I want to set up my development c:\inetpub\wwwroot\ as an FTP root using isolation mode under IIS6 / Win2k3.  My goal is to give clients an FTP login that will point to the c:\inetpub\wwwroot\clientsite\ftp folder but have it so they can't go further up the directory tree, and I'm restricted to 1 IP address.

It seems that the only way I was able to log a user in successfully is by making the FTP root point to c:\inetpub\ftproot. I then created subfolders in c:\inetpub\ftproot like so: \localuser\username.  This is fine, but my boss doesn't want the extra work of copying stuff manually from the ftproot to the appropriate wwwroot folder.

If I set up the folder c:\inetpub\wwwroot\ as the root FTP site in non-isolation mode, any user can log in fine to the FTP but has full access to everything in the FTP root regardless of the virtual directory that I point them to.

I need some help on this one. I already went through Microsoft's support section on the topic, but it was of no help:
http://support.microsoft.com/default.aspx?kbid=814865&product=iis60

Is there a registry edit or anything that can force Win2k3 to allow other folders besides c:\inetpub\ftproot\localuser\ to run in isolation mode?

Am I missing something?  Will a 3rd party FTP server software allow more freedom to isolate a user login to one folder only, no matter where I set the FTP root?  Any recommendations?

500 points to the expert of experts.
Tacobell777

You should really have the FTP root separate. If you allow direct access to the web root you will run into issues like locked files, i.e. someone is looking at a particular file while the client is trying to FTP over it, and many more issues. It is also good if you want to virus scan the uploaded files first. I simply had some replication set up between the FTP root and the web root: a simple batch file that used xcopy, which ran every 15 minutes, and a virus scan as well.
You don't really need to name the directory the same as the username; you only need to name the virtual directory the same as the username. I would stick to a clearer file structure like

inetpub/ftproot/production/[website]
inetpub/ftproot/staging/[website]

inetpub/wwwroot/production/[website]
inetpub/wwwroot/staging/[website]

That's if you have any staging before publishing.
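
The scheduled xcopy replication described in the answer above, as an added example that is not part of the original thread and not the poster's own script. It assumes each FTP username under `LocalUser` matches a site folder name under the web root; the script, log and exclude-file paths are hypothetical.

```batch
@echo off
rem Added example: one-way copy from the isolated FTP tree to the web root.
rem Assumption: FTP username == site folder name under wwwroot.
rem Script, log and exclude-file names below are hypothetical.
setlocal EnableDelayedExpansion

set "FTPROOT=C:\inetpub\ftproot\LocalUser"
set "WEBROOT=C:\inetpub\wwwroot"
set "LOG=C:\inetpub\ftpsync.log"
rem One substring per line; any source path containing one is not copied
rem (for example .exe). Keep this path free of spaces for /EXCLUDE.
set "SKIP=C:\inetpub\ftpsync-exclude.txt"

if not exist "%SKIP%" (
    >>"%LOG%" echo !date! !time! exclude list %SKIP% missing, aborting
    exit /b 1
)

for /d %%U in ("%FTPROOT%\*") do (
    rem Publish only into site folders that already exist, so an unexpected
    rem FTP account cannot create a new directory under the web root.
    if exist "%WEBROOT%\%%~nxU\ftp\" (
        >>"%LOG%" echo !date! !time! syncing %%~nxU
        rem /E subfolders, /D only files newer than the destination copy,
        rem /C continue past errors such as locked files, /Y no prompt.
        xcopy "%%U" "%WEBROOT%\%%~nxU\ftp" /E /D /C /Y /I /EXCLUDE:%SKIP% >>"%LOG%" 2>&1
    ) else (
        >>"%LOG%" echo !date! !time! skipped %%~nxU, no matching site folder
    )
)
endlocal

rem Register once to run every 15 minutes (SYSTEM shown for brevity; a
rem dedicated low-privilege account via /ru and /rp is the tighter choice):
rem   schtasks /create /tn "ftpsync" /tr C:\inetpub\ftpsync.cmd /sc minute /mo 15 /ru SYSTEM
```

Because the copy is one-way and never writes back into the FTP tree, clients stay confined to their isolated home directory while the web root is only ever written by the scheduled task's account.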
madasczik

ASKER

I have McAfee ASAP on all the boxes; it pretty much scans anything coming or going from the computers.  Can you show me the xcopy batch file you use, and how you run it every 15 minutes?  Thanks
ASKER CERTIFIED SOLUTION
Tacobell777
