Cannot access FTP

Posted on 2011-10-04
Last Modified: 2012-05-12
Hello All,
I've created an isolation ftp site under Windows 2008 R2, administrator can log in fine without any problem, but other users cannot log in.
they kept getting: 503 User cannot log in, home directory inaccessible.

I have:
h:\FTPHome\LocalUser\Administrator (Administrator has right to this directory)
h:\FTPHome\LocalUser\FTPTest1 (user FTPTest1 has right to this directory)
h:\FTPHome\LocalUser\PaulT (PaulT has right to this directory)

Like I have said, administrator logged in fine, but the other 2 users get the 503 error above.

Thanks for your help.

Question by:Paul-AC
    LVL 7

    Expert Comment

    by:Matthew England
    Sounds like they possibly don't have the rights to Read/Traverse the parent directory tree. What are the permissions on h:\FTPHome\LocalUser\ for your two non-admin users.

    You might also want to check the Local Security Policy to ensure Users (or a group containing your FTP Users, is granted the 'Access this computer From the Network' security right (and is not assigned the "Deny access to this computer from the network" security right)

    You'll also want to use the Bypass traverse checking security right for your FTP Users. This should prevent the OS from performing security checks up the file structure & will improve performance.

    Author Comment

    the two non-admin users don't have access to the h:\FTPHome\LocalUser
    Should I manually give them rights to the directory?
    if this is the case, then I have to do this every time I add new ftp users (that's time consuming, because I create a lot of ftp users).

    How do I use "the Bypass traverse checking security right for your FTP Users"?

    LVL 7

    Accepted Solution

    You wouldn't want to add permissions to each user individually. You would create a group, or use one that's already existing, such as "Users", a default groups in Windows, which includes all the users which exist locally on that machine. By default, Windows assigns the "Users" group, Read, Execute, List Folder Contents. If you add that permission back to the H:\ drive (This Directory) and h:\FTPHome\ (This directory & sub-directories) then you should be okay.

    If you turnned off inheritance on any of the directories then I'd reccomend turnning that back on, unless you want to set the permissions at each level.

    As for the "Bypass Traverse Checking" security right, simply launch the Local Security Policy MMC, (located in Administrative Tools either on your Start menu or Control Panel). Then expand it out to >Local Policies >>User Rights Assignments>> then select the Bypass Traverse Checking option. This should contain at a minimum one of the following; "Authenticated Users, Users, Everyone"

    Author Comment

    I checked to make sure and yes, the "Users" group have Read, Execute and List Folder Contents to both H:\FTPHome and F:\FTPHome\LocalUser
    and both non-admin users are members of the "User" group.
    So wonder why it's not working.

    Author Comment

    I deleted the ftp and recreated and it worked.
    on the "Bypass Traverse Checking" option.
    it currently has: Administrators, Backup Operators, Everyone, LOCAL SERVICE, NETWORK SERVICE, Users.
    Do I need to remove any of these at all?
    LVL 7

    Assisted Solution

    by:Matthew England
    No. You can leave those all in there.  


    Author Closing Comment


    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
    New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
    This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
    This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now