Solved

IIS/FTP 7.5 User Isolation

Posted on 2013-06-18
7
525 Views
Last Modified: 2013-06-23
Weirdness.

We have IIS/FTP 7.5, Windows 2008 R2 SP1, current patches.  Site config: Actual FTP root unused.  All Virtual Directories are on other disk volumes, one for each customer.  They log in by appending the VD thus: ftp://ftp.redacted.com/VD.  This is a standalone server with no AD membership.  All FTP users are local Windows users.

Now one customer has a script that they can't modify and that can't traverse folders or append the VD.  So we tried to do one instance of User Isolation.  We only want this one user to be configured this way because we do not want to change the larger structure and disrupt all the other customers and their present login procedures for just this one customer.

We created a new disk volume like the others (this is a VM server) for the new customer as usual, and set the permissions.  We created the root folder with the user-named folder underneath and set the VDat the user folder (NOTE: we have also named the root folder after the user, and also "LocalUser" with and without a VD set there, and a LocalUser folder UNDER the root with its own VD entry and without, and with the user ID folder under that, with and without its own VD).  We already had Basic Authentication enabled for the whole FTP site and each VD.  We set Authorization specifically for admins and the user in all cases for the abovementioned VDs.

Now for the User Isolation settings: because we only want this one user affected, we can't choose User Name Physical Dir with disable global.  We have tried both User Name Physical with globals enabled and Do Not Isolate/Start in User Name directory.  We can get both to work (the former required that we move the target folder to the root where we do not want it).  The user ID in question can log on, and is directed to the folder we want. But something weird happens: when we test it and upload a file successfully (or copy a file into the folder manually on the server), the file sits for a bit and then disappears.  
We can't trace what is deleting the file or why.  Help!
0
Comment
Question by:AnonofIbid
  • 4
  • 3
7 Comments
 
LVL 33

Expert Comment

by:paulmacd
ID: 39259386
File system auditing should tell you what is causing the file to be deleted.  That or FTP logs.

As to isolating this user, why not set up a dedicated FTP server/site for that user.  Can't get much more isolated than a dedicated IP address...
0
 

Author Comment

by:AnonofIbid
ID: 39259722
Thanks Paulmacd.  We are trying to avoid that, it's on a restrictive DMZ subnet where IPs are at a premium.  

We discovered that the user itself is performing the deletes, but without any user intervention.  Other users similarly configured do not do this.
0
 
LVL 33

Accepted Solution

by:
paulmacd earned 500 total points
ID: 39259880
That user's process is scripted, right?  It seems at least possible it's the script doing the damage.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:AnonofIbid
ID: 39259907
Hi,

We haven't yet turned this over to the user because of the issue.  So far all of our testing is manual, using IE, Windows Explorer, command-line ftp, and FileZilla.  I can certainly see in the logs that a DELE command is issued when the user sits connected to the FTP server.  But I do not know why this happens.  We have configured a couple of other users this way and it does not happen, whether it's on the same or different volumes.  I will have to ask my partner in this testing whether he has tried deleting and recreating the user; I know I haven't.
0
 

Author Comment

by:AnonofIbid
ID: 39260558
We solved the issue - it was a script from another user whose delete parameters were too broad and ended up including this directory.  Sorry for the braincramp.
0
 
LVL 33

Expert Comment

by:paulmacd
ID: 39260763
Great!
0
 

Author Closing Comment

by:AnonofIbid
ID: 39269664
Although it was not the specific user's script, another user (an admin of the specific area on the FTP site) had a script whose wildcard search ended up including this new folder, and was deleting.  This answer made us look into these possibilities.  Sometimes it's the simpler answer. :-)
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now