• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 638
  • Last Modified:

How best to setup user access via ftp on IIS7?

I have direct access to a server and am hosting several websites. One of my clients wants FTP access to their website.

What's the best way to set up an FTP account for them that will allow them access to ONLY their site?

I've seen a couple different ways to do this. One way seems to be to add the user to the user pool on the server. I think the other way is to manage it through IIS but I'm not really sure what the security concerns are.

Thanks,
MH
0
MHenry
Asked:
MHenry
  • 6
  • 6
1 Solution
 
MCSA2003Commented:
You can follow this guide to setup the actual FTP Server in IIS. http://www.trainsignaltraining.com/windows-server-2008-ftp-iis7/2008-04-25/ When it gets to the point of setting up the physical path, browse out to the folder that contains the folder for the user in question.
0
 
Henrik JohanssonSystems engineerCommented:
In 'Server Manager', expand Roles, right-click 'Web Server' and choose 'Add Role'. Scroll down and choose 'FTP Publishing Service' to install the FTP component of IIS.
Manage the FTP site and create a virtual directory with the same name as the username and configure it to point to the local folder for user's website. When user logs on through FTP, the home/start directory will be the folder for the website.

For the security part, they will only be able to access the folders available through FTP configuration. If having other virtual directories in the FTP-site that shall be restricted, configure NTFS permissions on the local folder to only allow the authorized user and the IIS-user used for www-access to access it.
If not creating the local folders in the c:\inetpub\ftproot folder, the virtual directories will be hidden if someone tries to browse the FTP-structure.
0
 
MHenryAuthor Commented:
I've tried both of the suggestions and neither worked.

I went through the entire article (as well as the next which actually dealt with isolating the users) and the closest I got was an error saying "Can't login, home directory not available."

Any other suggestions?

Thanks,
MH

0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
MCSA2003Commented:
Where is the home directory located and what permissions have you assigned. The user will need read and write since they will be editing the documents.
0
 
MHenryAuthor Commented:
Yeah, tried that. I created a windows user with the same name as the folder in the FTP folder.

When I test the login it still says the directory is not available.
0
 
MCSA2003Commented:
from a workstation are you able to browse to that directory? For example start > run > \\servername\servershare
0
 
MHenryAuthor Commented:
yep. and when I quit trying to isolate the user and just set the user permission for the entire FTP folder the login works. It's only when I try to restrict access to a sub folder in the FTP folder that it breaks.
0
 
MCSA2003Commented:
Lets back up and start from scratch. You have FTP Service installed right? Now we will go through your web site directory. Do you have a main folder labeled such as "Web Sites" and then have subfolder such as "Customer 1" "Customer2" "Customer3" etc etc. Inside of the customer folder do you have the contents of their web site? If so, just add the user read / write permission for "customer 1" and direct the FTP to use this folder for this user. Is this the way you have it setup?
0
 
MHenryAuthor Commented:
Yes, FTP is installed.

In IIS, what I have is a folder for Web Sites and then another for FTP each website has a corresponding FTP site. The host I use sets it up this way.  I'm not sure exactly what the relationship is. I can add a virtual directory to the FTP folder and if I name it the same as the website, the folder in the FTP folder becomes the virtual directory rather than adding a new folder.

In the physical directory there's just the one folder.
0
 
MCSA2003Commented:
Are you using a reseller plan? And from the sounds of it, this is possibly a colo server or rented?
0
 
MHenryAuthor Commented:
Kind of. It's a virtual server but they have some things preset that I can't get around, like the way the website and ftp folders are setup. I can do pretty much anything I want but I'm not sure how to get around that or if I even want to.
0
 
MCSA2003Commented:
I think your best bet is going to be to contact them. You don't know what type of security configurations they have in place. The could also be blocking stuff at the firewall.
0
 
MHenryAuthor Commented:
Yeah, unfortunately, they pointed me at the same article you first posted. Their support doesn't cover any configuration, just the server. I know that port 21 is open and that's what I was trying to use.

So, I'm stumped.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now