Solved

IIS/FTP 7.5 User Isolation

Posted on 2013-06-18
7
533 Views
Last Modified: 2013-06-23
Weirdness.

We have IIS/FTP 7.5, Windows 2008 R2 SP1, current patches.  Site config: Actual FTP root unused.  All Virtual Directories are on other disk volumes, one for each customer.  They log in by appending the VD thus: ftp://ftp.redacted.com/VD.  This is a standalone server with no AD membership.  All FTP users are local Windows users.

Now one customer has a script that they can't modify and that can't traverse folders or append the VD.  So we tried to do one instance of User Isolation.  We only want this one user to be configured this way because we do not want to change the larger structure and disrupt all the other customers and their present login procedures for just this one customer.

We created a new disk volume like the others (this is a VM server) for the new customer as usual, and set the permissions.  We created the root folder with the user-named folder underneath and set the VDat the user folder (NOTE: we have also named the root folder after the user, and also "LocalUser" with and without a VD set there, and a LocalUser folder UNDER the root with its own VD entry and without, and with the user ID folder under that, with and without its own VD).  We already had Basic Authentication enabled for the whole FTP site and each VD.  We set Authorization specifically for admins and the user in all cases for the abovementioned VDs.

Now for the User Isolation settings: because we only want this one user affected, we can't choose User Name Physical Dir with disable global.  We have tried both User Name Physical with globals enabled and Do Not Isolate/Start in User Name directory.  We can get both to work (the former required that we move the target folder to the root where we do not want it).  The user ID in question can log on, and is directed to the folder we want. But something weird happens: when we test it and upload a file successfully (or copy a file into the folder manually on the server), the file sits for a bit and then disappears.  
We can't trace what is deleting the file or why.  Help!
0
Comment
Question by:AnonofIbid
  • 4
  • 3
7 Comments
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 39259386
File system auditing should tell you what is causing the file to be deleted.  That or FTP logs.

As to isolating this user, why not set up a dedicated FTP server/site for that user.  Can't get much more isolated than a dedicated IP address...
0
 

Author Comment

by:AnonofIbid
ID: 39259722
Thanks Paulmacd.  We are trying to avoid that, it's on a restrictive DMZ subnet where IPs are at a premium.  

We discovered that the user itself is performing the deletes, but without any user intervention.  Other users similarly configured do not do this.
0
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 500 total points
ID: 39259880
That user's process is scripted, right?  It seems at least possible it's the script doing the damage.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:AnonofIbid
ID: 39259907
Hi,

We haven't yet turned this over to the user because of the issue.  So far all of our testing is manual, using IE, Windows Explorer, command-line ftp, and FileZilla.  I can certainly see in the logs that a DELE command is issued when the user sits connected to the FTP server.  But I do not know why this happens.  We have configured a couple of other users this way and it does not happen, whether it's on the same or different volumes.  I will have to ask my partner in this testing whether he has tried deleting and recreating the user; I know I haven't.
0
 

Author Comment

by:AnonofIbid
ID: 39260558
We solved the issue - it was a script from another user whose delete parameters were too broad and ended up including this directory.  Sorry for the braincramp.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 39260763
Great!
0
 

Author Closing Comment

by:AnonofIbid
ID: 39269664
Although it was not the specific user's script, another user (an admin of the specific area on the FTP site) had a script whose wildcard search ended up including this new folder, and was deleting.  This answer made us look into these possibilities.  Sometimes it's the simpler answer. :-)
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question