Solved

FTP Security

Posted on 2006-11-20
Last Modified: 2010-04-16
Ok, here's what I am trying to do.  I don't even know if it's the right approach.  I am writing the 'World Virtual Science Fair' for the College of the North Atlantic - Qatar.  I work there as a college instructor (Communications, not programming).

Once a 'Team' fills out the required info the system registers them and creates their folder.  The name of the folder is their uniqueID, like Team123.  The system writes a start page inside this folder called index.html.  Now, the newly registered team has a folder and inside the folder, one file.  Once the team logs in I want the system to allow them to FTP files to their folder.  The FTP looks like Windows Explorer where they can simply drop files into their folder.  All of this I can do.

The problem....

How do I keep teams out of other teams' folders?  Once they log in and click the upload button, the FTP window opens beautifully into their folder but they have access to the toolbar with the arrow to move up directories.  This allows them inside any other folder.

This site is written using ASP.

Is there a way to set permissions on the newly created folders at run time?
If not, what is the solution?

By the way, since I am not a guru this site is fabulous.

Vince Stack

Question by:vstack
 
LVL 2

Expert Comment

by:sonicysa
ID: 17981900
Are you using NT authentication for them to login?
0
 

Author Comment

by:vstack
ID: 17982020
No.  They just log in from a security table in the database.  I could use NT Authentication if that helps.

Thank you
0
 
LVL 2

Expert Comment

by:sonicysa
ID: 17982161
What I was thinking was that if you were using NT authentication you could then somehow create the new folder and assign NT permissions on that folder based on the logged in user account.
I think it is Sever.authenticated_user
0

 
LVL 2

Accepted Solution

by:
sonicysa earned 250 total points
ID: 17982198
http://www.w3schools.com/asp/coll_servervariables.asp

AUTH_USER

Make sure that you set the authentication mode in IIS security to the one that is clear text because other methods will not allow the Auth_user server variable to be populated. If you require https I think it cures that clear text problem though.

0
 
LVL 8

Assisted Solution

by:deadite
deadite earned 250 total points
ID: 17983224
This will work easiest using NT authentication, preferably from a Domain controller if available.  Basically, you can use the Microsoft CACLS utility to set the permissions.  You can even integrate this into your ASP page to have it set the permissions when it creates their folder (just make sure you put a delay between the creation and setting permissions or else it'll fail).  Here is an example of how to use CACLS in a bat file to set permissions to child folders:

@echo off
REM setperm.bat

setlocal
IF {%1}=={} GOTO bad
IF {%2}=={} GOTO bad
IF NOT EXIST %1 GOTO bad
IF {%3}=={} set perm=C&goto ok
if {%3}=={C} set perm=C&goto ok
if {%3}=={F} set perm=F&goto ok
goto bad
:ok
set pf=%1
set dom=%2
set pf=%pf:"=%
set dom=%dom:"=%
for /f "Tokens=*" %%a in ('dir "%pf%" /AD /B') do set user=%%a&call :parse
endlocal
GOTO :EOF
:bad
@echo Usage: SetPerm "Drive:\Directory of Users Parent Folder" "NetBIOS Domain Name" [C or F]
@echo.
endlocal
goto :EOF
:parse
REM ============================================================================================================
REM Specify Permissions by Manually Adding Users with CACLS Commands and Auto Adds User Account by Folder Name:
REM ***** Edit User/Group Accounts
REM ============================================================================================================
for /f "Tokens=5*" %%c in ('echo Y^| cacls "%pf%\%user%" /T /G Administrators:F "Backup Operators":R "%dom%\%user%":%perm% "%dom%\Enterprise Admins":F "%dom%\Domain Admins":F') do @echo %%d

0
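The per-folder permission step from the answer above, for a single newly created team folder, written with icacls (the successor to CACLS on current Windows). This is an added example, not code from the thread; the script name, root path and domain are placeholders, and it assumes a Windows account named after the folder (DOMAIN\Team123) already exists and that the FTP service authenticates teams as those accounts.

```bat
@echo off
REM lockteam.bat - added example, not part of the original thread.
REM Usage: lockteam.bat "D:\ScienceFair\Teams" Team123 MYDOMAIN
REM Assumption: the account MYDOMAIN\Team123 exists (same folder-name = user-name
REM convention as setperm.bat above). All paths and names are placeholders.
setlocal
if "%~3"=="" goto usage
set "root=%~1"
set "team=%~2"
set "dom=%~3"

REM Basic shape check (Team + digits only). This catches mistakes; the calling
REM ASP page should still validate the ID itself before shelling out.
if /i not "%team:~0,4%"=="Team" goto badname
if "%team:~4%"=="" goto badname
for /f "delims=0123456789" %%x in ("%team:~4%") do goto badname

set "target=%root%\%team%"
if not exist "%target%\" goto nodir

REM /inheritance:r removes ACEs inherited from the parent, so a broad grant on
REM the Teams root (for example to Users) does not carry into this folder.
REM /grant:r replaces any existing explicit ACE for each named account.
REM (OI)(CI) = applies to files and subfolders; F = full control, M = modify.
icacls "%target%" /inheritance:r /grant:r "Administrators:(OI)(CI)F" "%dom%\%team%:(OI)(CI)M"
if errorlevel 1 goto fail

REM Show the resulting ACL so it can be logged or reviewed.
icacls "%target%"
endlocal & exit /b 0

:usage
echo Usage: lockteam "Drive:\Teams parent folder" TeamNNN "NetBIOS domain name"
endlocal & exit /b 1
:badname
echo Rejected team ID: expected Team followed by digits.
endlocal & exit /b 1
:nodir
echo Folder not found under the given root.
endlocal & exit /b 1
:fail
echo icacls failed; permissions were not changed as requested.
endlocal & exit /b 1
```

If the web application's own identity must keep writing to the folder (for example to regenerate index.html), add an explicit grant for that account, since inherited access is removed.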
 
LVL 8

Expert Comment

by:deadite
ID: 17983244
Eww, that didn't paste too great..... watch out for some of those lines to make sure they are on the same line as REM.... like the line of ===== will make the bat file fail unless it is all on the REM line.
0
