
IIS/FTP 7.5 User Isolation

Posted on 2013-06-18
Last Modified: 2013-06-23
Weirdness.

We have IIS/FTP 7.5, Windows 2008 R2 SP1, current patches.  Site config: Actual FTP root unused.  All Virtual Directories are on other disk volumes, one for each customer.  They log in by appending the VD thus: ftp://ftp.redacted.com/VD.  This is a standalone server with no AD membership.  All FTP users are local Windows users.

Now one customer has a script that they can't modify and that can't traverse folders or append the VD.  So we tried to do one instance of User Isolation.  We only want this one user to be configured this way because we do not want to change the larger structure and disrupt all the other customers and their present login procedures for just this one customer.

We created a new disk volume like the others (this is a VM server) for the new customer as usual, and set the permissions.  We created the root folder with the user-named folder underneath and set the VD at the user folder (NOTE: we have also named the root folder after the user, and also "LocalUser" with and without a VD set there, and a LocalUser folder UNDER the root with its own VD entry and without, and with the user ID folder under that, with and without its own VD).  We already had Basic Authentication enabled for the whole FTP site and each VD.  We set Authorization specifically for admins and the user in all cases for the abovementioned VDs.

Now for the User Isolation settings: because we only want this one user affected, we can't choose User Name Physical Dir with disable global.  We have tried both User Name Physical with globals enabled and Do Not Isolate/Start in User Name directory.  We can get both to work (the former required that we move the target folder to the root where we do not want it).  The user ID in question can log on, and is directed to the folder we want. But something weird happens: when we test it and upload a file successfully (or copy a file into the folder manually on the server), the file sits for a bit and then disappears.  
We can't trace what is deleting the file or why.  Help!
Question by:AnonofIbid
7 Comments
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 39259386
File system auditing should tell you what is causing the file to be deleted.  That or FTP logs.

As to isolating this user, why not set up a dedicated FTP server/site for that user?  Can't get much more isolated than a dedicated IP address...
0
 

Author Comment

by:AnonofIbid
ID: 39259722
Thanks Paulmacd.  We are trying to avoid that, it's on a restrictive DMZ subnet where IPs are at a premium.  

We discovered that the user itself is performing the deletes, but without any user intervention.  Other users similarly configured do not do this.
0
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 1500 total points
ID: 39259880
That user's process is scripted, right?  It seems at least possible it's the script doing the damage.
0
 

Author Comment

by:AnonofIbid
ID: 39259907
Hi,

We haven't yet turned this over to the user because of the issue.  So far all of our testing is manual, using IE, Windows Explorer, command-line ftp, and FileZilla.  I can certainly see in the logs that a DELE command is issued when the user sits connected to the FTP server.  But I do not know why this happens.  We have configured a couple of other users this way and it does not happen, whether it's on the same or different volumes.  I will have to ask my partner in this testing whether he has tried deleting and recreating the user; I know I haven't.
0
 

Author Comment

by:AnonofIbid
ID: 39260558
We solved the issue - it was a script from another user whose delete parameters were too broad and ended up including this directory.  Sorry for the braincramp.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 39260763
Great!
0
 

Author Closing Comment

by:AnonofIbid
ID: 39269664
Although it was not the specific user's script, another user (an admin of the specific area on the FTP site) had a script whose wildcard search ended up including this new folder, and was deleting.  This answer made us look into these possibilities.  Sometimes it's the simpler answer. :-)
0
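
Added example (not from the thread and not Microsoft's code): the FTP-log check discussed above, attributing successful DELE commands under one customer's folder to the account and client IP that issued them. The log lines are constructed, the field names assume the W3C fields listed in the `#Fields` header are enabled, and `newcust` and `areaadmin` are hypothetical accounts.

```python
from collections import Counter

# Constructed sample log (not from the thread). Real files declare their own #Fields line.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem sc-status x-session
2013-06-18 14:02:11 192.0.2.10 newcust 198.51.100.5 21 STOR /newcust/report.csv 226 sess-01
2013-06-18 14:05:40 192.0.2.77 areaadmin 198.51.100.5 21 DELE /newcust/report.csv 250 sess-02
2013-06-18 14:05:41 192.0.2.77 areaadmin 198.51.100.5 21 DELE /oldjobs/tmp1.dat 250 sess-02
2013-06-18 14:09:03 192.0.2.10 newcust 198.51.100.5 21 DELE /newcust/missing.txt 550 sess-03
2013-06-18 14:20:17 192.0.2.77 areaadmin 198.51.100.5 21 DELE /NewCust/upload2.csv 250 sess-04
"""

def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names in the latest #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # header can reappear after a service restart
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def deletes_under(records, watched_prefix):
    """Successful DELE commands whose path is inside watched_prefix (case-insensitive)."""
    prefix = watched_prefix.rstrip("/").lower() + "/"
    return [r for r in records
            if r.get("cs-method", "").upper() == "DELE"
            and r.get("sc-status", "").startswith("2")   # 2xx = command completed
            and r.get("cs-uri-stem", "").lower().startswith(prefix)]

def attribute(deletes, owner):
    """Count deletes per (user, client IP) and list those not issued by the owner."""
    by_source = Counter((r.get("cs-username", "-"), r.get("c-ip", "-")) for r in deletes)
    foreign = [r for r in deletes if r.get("cs-username", "-").lower() != owner.lower()]
    return by_source, foreign

if __name__ == "__main__":
    hits = deletes_under(parse_w3c(SAMPLE_LOG), "/newcust")
    by_source, foreign = attribute(hits, owner="newcust")
    for (user, ip), n in by_source.items():
        print(f"{n} delete(s) by {user} from {ip}")
    for r in foreign:
        print("not the owner:", r.get("date"), r.get("time"),
              r.get("cs-username"), r.get("cs-uri-stem"), r.get("x-session"))
```

Grouping by account and client IP separates a scheduled job running from one host from interactive deletes by the folder's owner; the session field lets the full command sequence of the offending connection be pulled from the same log.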
