?
Solved

IIS6 FTP User Isolation Modes / Win2k3

Posted on 2004-04-29
4
Medium Priority
?
886 Views
Last Modified: 2012-06-27
I want to set up my development c:\inetpub\wwwroot\ as a ftp root using isolate mode under IIS6 / Win2k3.  My goal is to give clients a ftp login that will point to c:\inetpub\wwwroot\clientsite\ftp folder but have it so they can't go further up the directory tree, and I'm restricted to 1 IP address.

It seems that the only way I was able to login in a user successfully is by making the FTP root point to c:\inetpub\ftproot . Then created subfolders in the c:\inetpub\ftproot like so \localuser\username.  This is fine, but my boss doesn't want the extra work of copying stuff manually from the ftproot to the appropriate wwwroot folder.

If I setup folder c:\inetpub\wwwroot\ as the root FTP site in non-isolation mode, any user can login fine to the ftp but has full access to everything in the ftp root regardless of the virtual directory that I point them to.

I need some help on this one, I already went through microsofts support section on the topic but it was of no help:
http://support.microsoft.com/default.aspx?kbid=814865&product=iis60

Is there a registry edit or anything that can force win2k3 to allow other folders besides c:\inetpub\ftproot\localuser\ to run in isolation mode?

Am I missing something?  Will a 3rd party FTP server software allow more freedom to isolate a user login to one folder only, no matter where i set the ftp root?  Any recommendations?

500 points to the expert of experts.
0
Comment
Question by:madasczik
  • 3
4 Comments
 
LVL 17

Expert Comment

by:Tacobell777
ID: 10955898
You should really have the ftp root seperate, if you allow direct access to the webroot you will run into issues like locked files, i.e. someone is looking at a particular file while the client is trying to ftp over it, and many more issues. Also good if you want to virus scan the uploaded files first, I simply had some replication setup between the FTP root and the web root, a simple batch file that used xcopy, this ran every 15 minutes and a virus scan as well.
0
 
LVL 17

Expert Comment

by:Tacobell777
ID: 10955915
You don't really need to name the directory the same as the username, you only need to name the virtual directory the same as the username, I would stick to a more clearer file structure like

inetpub/ftproot/production/[website]
inetpub/ftproot/staging/[website]

inetpub/wwwroot/production/[website]
inetpub/wwwroot/staging/[website]

thats if you have any staging before publishing.
0
 

Author Comment

by:madasczik
ID: 10955980
I have Mcafee ASAP on all the boxes, it pretty much scans anything coming or going from the computers.  Can you show me the xcopy batch file you use, and how you run it every 15 minutes?  Thanks
0
 
LVL 17

Accepted Solution

by:
Tacobell777 earned 2000 total points
ID: 10956051
I don't run an ISP anymore ;-) but from the top of my head

xcopy and then the attributes to copy stuff over

you call the batch file with windows "Scheduled Tasks"
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Running classic asp applications under Windows Server 2008 R2 (x64) and IIS 7 is not as easy as one may think. It took me a while to figure it out while getting error 8002801d a few times. After you install the OS you will need to install the fol…
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question