powershell ftp directory creation

Last Modified: 2012-05-11
I have a PowerShell script that creates a directory based on input from the user. The beginning of the script uses a Read-Host to assign a directory name to "$AccountName". This is the portion of the code that I am using to assign permissions to the created directory:
#       ---Set Permissions on Folder
 
"Setting Permissions on E:\SecureFtpSite\Support\$AccountName"
 
$colRights = [System.Security.AccessControl.FileSystemRights]"Modify"
$Inherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$Propagate = [System.Security.AccessControl.PropagationFlags]::None
$objType =[System.Security.AccessControl.AccessControlType]::Allow
$User = New-Object System.Security.Principal.NTAccount("$Computer\$AccountName")
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule($User, $colRights , $Inherit, $Propagate, $objType)

$objACL = Get-Acl "E:\SecureFtpSite\Support\$AccountName"
$objACL.AddAccessRule($objACE)
 
Set-Acl "E:\SecureFtpSite\Support\$AccountName" $objACL
 
Start-Sleep -Seconds 5
 
"Permissions Successfully Applied!"

Here is my issue. The created account is in the FTP Users group for the site, and every account created has permission to list in every directory created. I would like to restrict created accounts to only be able to view directories that are created for the specific account. Here is the code in its entirety. Everything is working with the exception of the granular level of permissions I require. Any help would be appreciated.

### PowerShell Script
### Create local User Account
 
$AccountName = Read-Host "Please enter user account name (i.e. krisp)"
$FullName = Read-Host "Please enter the full name (i.e. Kris)"
$Description = Read-Host "Please enter the description (i.e. Krisp FTP Login)"
$Password = Read-Host "Please enter a password"
$Computer = "MYFTPSERVER"
 
"Creating user on $Computer"
 
# Access to Container using the COM library
$Container = [ADSI] "WinNT://$Computer"
 
# Create User
$objUser = $Container.Create("user", $Accountname)
$objUser.Put("Fullname", $FullName)
$objUser.Put("Description", $Description)
 
# Set Password
$objUser.SetPassword($Password)
 
# Save Changes
$objUser.SetInfo()
 
# Add User Flags
# The numbers are bitwise - 65536 is Password Never Expires ; 64 is User Cannot Change Password

$objUser.userflags = 65536 -bor 64
$objUser.SetInfo()
 
"User $AccountName created!"
" ------------------------"


 
#       ---Create FTP local directory---
 
"Creating directory E:\SecureFtpSite\Support\$AccountName"
 
New-Item E:\SecureFtpSite\Support\$AccountName -type directory  
Start-Sleep -Seconds 5
"Directory $AccountName created!"
" ------------------------"
 
 
#       ---Set Permissions on Folder
 
"Setting Permissions on E:\SecureFtpSite\Support\$AccountName"
 
$colRights = [System.Security.AccessControl.FileSystemRights]"Modify"
$Inherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$Propagate = [System.Security.AccessControl.PropagationFlags]::None
$objType =[System.Security.AccessControl.AccessControlType]::Allow
$User = New-Object System.Security.Principal.NTAccount("$Computer\$AccountName")
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule($User, $colRights , $Inherit, $Propagate, $objType)

$objACL = Get-Acl "E:\SecureFtpSite\Support\$AccountName"
$objACL.AddAccessRule($objACE)
 
Set-Acl "E:\SecureFtpSite\Support\$AccountName" $objACL
 
Start-Sleep -Seconds 5
 
"Permissions Successfully Applied!"
" ------------------------"
 
#       ---Add User to FTP Users Local Group
 
"Adding User to FTP Users Group"
 
$group = [ADSI]"WinNT://$computer/FTP Users"
$group.add("WinNT://$computer/$AccountName")
 
"User Added!"
"-------------------------"



To be clear please confirm:

1. User creates directory with FTP
2. User can view the directory and all other directories
3. You want the user to only be able to view the directories she/he creates

Eh?  Or is there a "specific account" that has the folder access specified, and a given user can access only those folders?  

Author

Commented:
Yes, we want the user to only be able to view the dir he/she creates.

Is the "Everyone" group in the security settings for the created folders? If so, try removing that.

Author

Commented:
Since we are assigning permissions by creating a specific user, and then assigning that user Modify permission to the folder, I need to remove the FTP Users group from the permission to the folder.
BINGO!  good job - the points are yours.

Author

Commented:
Thank you for your help in this matter. Your responses were constructive and timely :)

Author

Commented:
The commands to set permissions were discovered by my own research.
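
One way to apply the restriction discussed in this thread (removing the FTP Users group, and Everyone if present, from each account's folder) is shown below. This is an added example, not code from the original poster or from the locked solution. It assumes the folder inherits those entries from E:\SecureFtpSite\Support, that the "FTP Users" local group exists, and it uses the sample account name from the question's prompt.

```powershell
# Added example: values below mirror the question; adjust to your server.
$Computer    = "MYFTPSERVER"
$AccountName = "krisp"                      # sample name from the Read-Host prompt
$Path        = "E:\SecureFtpSite\Support\$AccountName"

# 1. Stop inheriting from the parent folder.
#    First $true  = protect this ACL from inheritance.
#    Second $true = copy the currently inherited entries as explicit ones, so
#    Administrators/SYSTEM keep access while the shared groups are removed.
$acl = Get-Acl -Path $Path
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $Path -AclObject $acl

# 2. Re-read the ACL. Only after it has been written back are the formerly
#    inherited entries explicit, and only explicit entries can be removed.
$acl = Get-Acl -Path $Path

# 3. Remove every entry for the principals named in the thread.
foreach ($name in "$Computer\FTP Users", "Everyone") {
    $id = New-Object System.Security.Principal.NTAccount($name)
    $acl.PurgeAccessRules($id)
}

# 4. Grant Modify to the owning account only (same rule the question builds).
$user = New-Object System.Security.Principal.NTAccount("$Computer\$AccountName")
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $user,
    [System.Security.AccessControl.FileSystemRights]::Modify,
    [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit",
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)
$acl.SetAccessRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 5. Verify: print the resulting ACL and fail loudly if a shared entry survived.
$result = (Get-Acl -Path $Path).Access
$result | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
$shared = $result | Where-Object { $_.IdentityReference.Value -match '\\FTP Users$|^Everyone$' }
if ($shared) { throw "Shared principal still has access to $Path" }
```

The final check only looks for the two principals named in the thread; review the printed table for any other broad group that was copied from the parent folder.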