Solved

FTP Folder Access

Posted on 2014-04-23
7
594 Views
Last Modified: 2014-06-04
We have an FTP (SSL) site via IIS7 - I need to isolate folders

Under FTP root User A can connect and access  - I need to create a folder under root that User A & B can access - But user B cannot access the Root directory

How is this best done?

Thanks,
0
Comment
Question by:sparkis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 13

Expert Comment

by:SagiEDoc
ID: 40019418
This can be achieved with folder permissions. The issue being that you will need to create an A and B folder in the root. User A and B will both need read access to the root. The you can assign user A and user B the required permissions needed for folder A and folder B.
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40019598
on root folder assign authenticated users read \ read and execute and list folder contents NTFS permissions
The from advanced security permissions remove inheritance and keep only system, administrators group full control permissions, remove any other groups except authenticated users there on the ACL and change authenticated users permissions scope (Applies to) to This folder only

Now get into FTP root folder and provide required individual users \ groups required permissions on sub folders so that users can access only sub folders for which they got access

Mahesh
0
 

Author Comment

by:sparkis
ID: 40019857
I have been able to control access to each folder under root via Allow/Deny Authorization rule inheritance on the FTP folders within IIS

So User A can access Folder A and User B can access folder B

Is there a way from within IIS that these folders are only visible to the appropriate user - that would be ideal. As of now they can both see both folder they just cannot access each others folder.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 13

Expert Comment

by:SagiEDoc
ID: 40020007
There is a list folder / read data permission you could attempt to use to prevent the users seeing folders that are not applicable to them.
0
 

Author Comment

by:sparkis
ID: 40020056
Under NTFS? - I tried this and it did not work.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40021439
This way you can't restrict

In case of shared folders, you can enable access based enumeration on shared folder properties

But in case of FTP this is also not possible unless you explicitly share FTP root folder

Mahesh.
0
 
LVL 25

Expert Comment

by:Coralon
ID: 40021712
This is not that difficult.  

A lot depends on how your users are managed.
In either case, you set A to use the root folder.
For B, you set their root/home directory to the subdirectory.  

Now, as you saw, A will still be able to at least see that B's directory exists.  If you need them isolated, then you turn on the directory isolation, and assign each of them their own folders at a parallel level.

Coralon
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question