Solved

IIS/FTP 7.5 User Isolation

Posted on 2013-06-18
Last Modified: 2013-06-23
Weirdness.

We have IIS/FTP 7.5, Windows 2008 R2 SP1, current patches.  Site config: Actual FTP root unused.  All Virtual Directories are on other disk volumes, one for each customer.  They log in by appending the VD thus: ftp://ftp.redacted.com/VD.  This is a standalone server with no AD membership.  All FTP users are local Windows users.

Now one customer has a script that they can't modify and that can't traverse folders or append the VD.  So we tried to do one instance of User Isolation.  We only want this one user to be configured this way because we do not want to change the larger structure and disrupt all the other customers and their present login procedures for just this one customer.

We created a new disk volume like the others (this is a VM server) for the new customer as usual, and set the permissions.  We created the root folder with the user-named folder underneath and set the VD at the user folder (NOTE: we have also named the root folder after the user, and also "LocalUser" with and without a VD set there, and a LocalUser folder UNDER the root with its own VD entry and without, and with the user ID folder under that, with and without its own VD).  We already had Basic Authentication enabled for the whole FTP site and each VD.  We set Authorization specifically for admins and the user in all cases for the abovementioned VDs.

Now for the User Isolation settings: because we only want this one user affected, we can't choose User Name Physical Dir with disable global.  We have tried both User Name Physical with globals enabled and Do Not Isolate/Start in User Name directory.  We can get both to work (the former required that we move the target folder to the root where we do not want it).  The user ID in question can log on, and is directed to the folder we want. But something weird happens: when we test it and upload a file successfully (or copy a file into the folder manually on the server), the file sits for a bit and then disappears.  
We can't trace what is deleting the file or why.  Help!
Question by:AnonofIbid
7 Comments
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 39259386
File system auditing should tell you what is causing the file to be deleted.  That or FTP logs.

As to isolating this user, why not set up a dedicated FTP server/site for that user.  Can't get much more isolated than a dedicated IP address...
0
 

Author Comment

by:AnonofIbid
ID: 39259722
Thanks Paulmacd.  We are trying to avoid that, it's on a restrictive DMZ subnet where IPs are at a premium.  

We discovered that the user itself is performing the deletes, but without any user intervention.  Other users similarly configured do not do this.
0
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 500 total points
ID: 39259880
That user's process is scripted, right?  It seems at least possible it's the script doing the damage.
0
 

Author Comment

by:AnonofIbid
ID: 39259907
Hi,

We haven't yet turned this over to the user because of the issue.  So far all of our testing is manual, using IE, Windows Explorer, command-line ftp, and FileZilla.  I can certainly see in the logs that a DELE command is issued when the user sits connected to the FTP server.  But I do not know why this happens.  We have configured a couple of other users this way and it does not happen, whether it's on the same or different volumes.  I will have to ask my partner in this testing whether he has tried deleting and recreating the user; I know I haven't.
0
 

Author Comment

by:AnonofIbid
ID: 39260558
We solved the issue - it was a script from another user whose delete parameters were too broad and ended up including this directory.  Sorry for the braincramp.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 39260763
Great!
0
 

Author Closing Comment

by:AnonofIbid
ID: 39269664
Although it was not the specific user's script, another user (an admin of the specific area on the FTP site) had a script whose wildcard search ended up including this new folder, and was deleting.  This answer made us look into these possibilities.  Sometimes it's the simpler answer. :-)
0
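
The FTP-log route suggested in this thread, as an added example that is not part of the original posts: a Python sketch that reads an IIS FTP W3C log, finds successful DELE commands under one customer's folder, and reports which account, client IP and session issued each, flagging deletes of a file that a different account had just uploaded. The log lines, account names, addresses and the `/custA/` path are constructed, and the field list assumes `x-session` and `x-fullpath` are enabled in the site's logging.

```python
from datetime import datetime, timedelta

# Constructed sample in the W3C layout IIS FTP writes; users, IPs and paths are invented.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem sc-status x-session x-fullpath
2013-06-18 14:00:05 203.0.113.10 custA 192.0.2.5 21 STOR report.csv 226 sess-01 /custA/report.csv
2013-06-18 14:00:40 203.0.113.77 areaAdmin 192.0.2.5 21 DELE /custA/report.csv 250 sess-02 /custA/report.csv
2013-06-18 14:01:10 203.0.113.20 custB 192.0.2.5 21 STOR data.zip 226 sess-03 /custB/data.zip
2013-06-18 14:05:00 203.0.113.20 custB 192.0.2.5 21 DELE data.zip 250 sess-03 /custB/data.zip
2013-06-18 14:06:00 203.0.113.77 areaAdmin 192.0.2.5 21 DELE /custA/missing.txt 550 sess-02 /custA/missing.txt
"""

def parse_w3c(text):
    """Parse W3C extended log text into dicts keyed by the names in the #Fields line."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) != len(fields):
                continue  # skip truncated or malformed lines
            row = dict(zip(fields, values))
            row["when"] = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
            rows.append(row)
    return rows

def deletes_under(rows, watched_prefix, window=timedelta(minutes=10)):
    """Successful DELEs under watched_prefix, paired with a recent upload of the same file."""
    last_upload, findings = {}, []
    for row in sorted(rows, key=lambda r: r["when"]):
        path = row["x-fullpath"].lower()        # NTFS paths are case-insensitive
        ok = row["sc-status"].startswith("2")   # 2xx FTP reply = command succeeded
        if row["cs-method"] == "STOR" and ok:
            last_upload[path] = row
        elif row["cs-method"] == "DELE" and ok and path.startswith(watched_prefix.lower()):
            up = last_upload.pop(path, None)
            recent = up is not None and row["when"] - up["when"] <= window
            findings.append({
                "path": row["x-fullpath"], "deleted_by": row["cs-username"],
                "client_ip": row["c-ip"], "session": row["x-session"],
                "uploaded_by": up["cs-username"] if recent else None,
                # True when a different account removed a freshly uploaded file
                "foreign": recent and up["cs-username"] != row["cs-username"],
            })
    return findings

if __name__ == "__main__":
    for finding in deletes_under(parse_w3c(SAMPLE_LOG), "/custA/"):
        print(finding)
```

Keep the trailing slash on the watched prefix so that a sibling folder whose name merely starts with the same characters is not matched.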

Question has a verified solution.
