FTP rights (w2k8) VS NTFS rights

Posted on 2011-04-28
Last Modified: 2012-05-11

I am a little confused about the following and I would appreciate if someone could provide some help.

We would like to install an FTP Windows 2008. The FTP will be managing a shared folder on file server that is permissioned with NTFS.

We have disabled anonymous authentication and enabled basic authentication. Finally we have created a local user account (userftp) with READ/WRITE permissions to the share folder.

I have seen that the USERFTP is able to read/write to the shared folder even thought the local user doesn't have any NFTS rights for that particular share.

Does that make any sense? Can you please clarify?

Thank you.
Question by:llarava
    LVL 3

    Expert Comment

    Probably has something to do with the FTP or IIS service having access to that folder.  With basic authentication it's probably using the ACL for the service account and not the user account.  I don't think the share permissions would have anything to do with it.  I could be wrong.


    Author Comment

    What I am trying to understand is how the authorization rules (read/write) interact with NFTS permissions. Which one takes precedence assuming that we are using a windows local account assigned write rights (ftp level) but the same account has NTFS read access to the share.

    LVL 3

    Accepted Solution

    In IIS 7 you can control this with NTFS permissions. What is likely happening is that the local user account is a member of a group (for example, Users) that has some kind of permission to the folder. This happened in the link below:

    Does that link solve your problem too?

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    Lync server 2013 Backup Service Error ID 4049 – After File Share Migration
    You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
    This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

    731 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now