• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 363
  • Last Modified:

Setting permissions of an FTP upload directory in an Active Directory setup

Hi,

What we want is to offer a possibility for a user to upload data to a server by ftp (using his AD password), but do not want that the user can copy data from that directory to another directory when logged on on that server using Remote Desktop.

This may sound strange, but we need a human check that the uploaded data is allowed on the server by an administrator. The administrator will then copy the data from his FTP directory to the user'sfolder with more permissions.

We tried to set the rights of the directory to deny read  but this does not work as expected.
Although, in  remote desktop session the user can not read/execute any files in the FTP directory as expected, in his ftp client he can download data from his FTP directory? That is not wanted because this would allow a user to put sensitive data in his FTP directory and download it from the server.

Any suggestions?

Thanks
0
PjotterR
Asked:
PjotterR
1 Solution
 
pwindellCommented:
Pretty much,...impossible.   Just a "Star-Trek" fantasy.

Now if you have smart developers who work there that know how to write quality and secure software,...then they might be able to write an application that the person would use and the Application would do all that behind the scenes,...but you just are not going to do that with just the OS, and FTP Service, and Remote Desktop.
0
 
PjotterRAuthor Commented:
pwindell:

Exactually it is possible and I solved the problem by:

Setting NTFS rights of the download folder for the user as:

(CI)(RX)
(OI)(CI)(R)

And that of the upload folder:
(CI)(RX,DC)
(OI)(CI)(W)

The root FTP folder has only list permissions for the user group.

In the FTP Server (Cerberus Pro) I created virtual directories pointing to these two dirs with only download permissions of the download folder and write/delete permissions on the upload folder.


0
 
Glen KnightCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now