MHenry
asked on
How best to setup user access via ftp on IIS7?
I have direct access to a server and am hosting several websites. One of my clients wants FTP access to their website.
What's the best way to set up an FTP account for them that will allow them access to ONLY their site?
I've seen a couple different ways to do this. One way seems to be to add the user to the user pool on the server. I think the other way is to manage it through IIS but I'm not really sure what the security concerns are.
Thanks,
MH
What's the best way to set up an FTP account for them that will allow them access to ONLY their site?
I've seen a couple different ways to do this. One way seems to be to add the user to the user pool on the server. I think the other way is to manage it through IIS but I'm not really sure what the security concerns are.
Thanks,
MH
MCSA2003
You can follow this guide to setup the actual FTP Server in IIS. http://www.trainsignaltraining.com/windows-server-2008-ftp-iis7/2008-04-25/ When it gets to the point of setting up the physical path, browse out to the folder that contains the folder for the user in question.
In 'Server Manager', expand Roles, right-click 'Web Server' and choose 'Add Role'. Scroll down and choose 'FTP Publishing Service' to install the FTP component of IIS.
Manage the FTP site and create a virtual directory with the same name as the username and configure it to point to the local folder for user's website. When user logs on through FTP, the home/start directory will be the folder for the website.
For the security part, they will only be able to access the folders available through FTP configuration. If having other virtual directories in the FTP-site that shall be restricted, configure NTFS permissions on the local folder to only allow the authorized user and the IIS-user used for www-access to access it.
If not creating the local folders in the c:\inetpub\ftproot folder, the virtual directories will be hidden if someone tries to browse the FTP-structure.
Manage the FTP site and create a virtual directory with the same name as the username and configure it to point to the local folder for user's website. When user logs on through FTP, the home/start directory will be the folder for the website.
For the security part, they will only be able to access the folders available through FTP configuration. If having other virtual directories in the FTP-site that shall be restricted, configure NTFS permissions on the local folder to only allow the authorized user and the IIS-user used for www-access to access it.
If not creating the local folders in the c:\inetpub\ftproot folder, the virtual directories will be hidden if someone tries to browse the FTP-structure.
ASKER
I've tried both of the suggestions and neither worked.
I went through the entire article (as well as the next which actually dealt with isolating the users) and the closest I got was an error saying "Can't login, home directory not available."
Any other suggestions?
Thanks,
MH
I went through the entire article (as well as the next which actually dealt with isolating the users) and the closest I got was an error saying "Can't login, home directory not available."
Any other suggestions?
Thanks,
MH
Where is the home directory located and what permissions have you assigned. The user will need read and write since they will be editing the documents.
ASKER
Yeah, tried that. I created a windows user with the same name as the folder in the FTP folder.
When I test the login it still says the directory is not available.
When I test the login it still says the directory is not available.
from a workstation are you able to browse to that directory? For example start > run > \\servername\servershare
ASKER
yep. and when I quit trying to isolate the user and just set the user permission for the entire FTP folder the login works. It's only when I try to restrict access to a sub folder in the FTP folder that it breaks.
Lets back up and start from scratch. You have FTP Service installed right? Now we will go through your web site directory. Do you have a main folder labeled such as "Web Sites" and then have subfolder such as "Customer 1" "Customer2" "Customer3" etc etc. Inside of the customer folder do you have the contents of their web site? If so, just add the user read / write permission for "customer 1" and direct the FTP to use this folder for this user. Is this the way you have it setup?
ASKER
Yes, FTP is installed.
In IIS, what I have is a folder for Web Sites and then another for FTP each website has a corresponding FTP site. The host I use sets it up this way. I'm not sure exactly what the relationship is. I can add a virtual directory to the FTP folder and if I name it the same as the website, the folder in the FTP folder becomes the virtual directory rather than adding a new folder.
In the physical directory there's just the one folder.
In IIS, what I have is a folder for Web Sites and then another for FTP each website has a corresponding FTP site. The host I use sets it up this way. I'm not sure exactly what the relationship is. I can add a virtual directory to the FTP folder and if I name it the same as the website, the folder in the FTP folder becomes the virtual directory rather than adding a new folder.
In the physical directory there's just the one folder.
Are you using a reseller plan? And from the sounds of it, this is possibly a colo server or rented?
ASKER
Kind of. It's a virtual server but they have some things preset that I can't get around, like the way the website and ftp folders are setup. I can do pretty much anything I want but I'm not sure how to get around that or if I even want to.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yeah, unfortunately, they pointed me at the same article you first posted. Their support doesn't cover any configuration, just the server. I know that port 21 is open and that's what I was trying to use.
So, I'm stumped.
So, I'm stumped.