?
Solved

ftp wierdness

Posted on 2015-02-05
10
Medium Priority
?
120 Views
Last Modified: 2015-02-05
This is SBS2008. I have a couple of CNC Lathes in the factory which need to connect into our network. They can only use ftp. So i've created  couple of virtual directories within our default ftp site. For clarity, i've given the virtual directories the same name as the lathe which needs to connect into it. So i've created 2 users Lathe1 and Lathe2, and virtual directories Lathe1 and Lathe2.  

What I am finding is that is if I attempt to log into ftp://ourdomain/Lathe1  or ftp://ourdomain/Lathe2 no access is possible. Access is only allowed by logging onto ftp://ourdomain and what happens next depends on the credentials supplied. If I log onto ftp://ourdomain with my own credentials, I see the root of the ftp site and cannot access the virtual directories. If I log onto ftp://ourdomain with either of the Lathe credentials. I can see only the virtual directory for that lathe.

Actually this is exactly what I want. I just need to understand why it is happening. While I am testing all this, Lathe1 has permissions to access the entire ftp site. So I don't understand why logging onto the root of the ftp site takes him straight to his virtually directory and the root cannot be seen at all.

Can anyone explain this please?
0
Comment
Question by:TownTalk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 36

Expert Comment

by:Kimputer
ID: 40590863
One word: Security (i.e. not ftp weirdness)
Looking at what you tried and said, you're looking at it from a public website point of view, while MS (and other FTP software publishers) look at it from a security standpoint.
0
 

Author Comment

by:TownTalk
ID: 40590909
So when I log in as Lathe1, why can't I see the root of the ftp site? That user has full permissions for the entire site.
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 40590943
You told Windows that, Lathe1 should drop into Lathe1 virtual, and then you told Windows Lathe1 should have access to root. But since Lathe1 is already logged in, you can't go "higher" anymore (for example as a command "cd ..").

If your FTP userbase is small, I would suggest you use something else as your FTP server (like the free FTPzilla server), where user management is a no-brainer (it's very clear where users end up and where they have access to), and you finally get the antihammering/banning function to boot.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Expert Comment

by:frankhelk
ID: 40590950
I presume there's some kind of "home" directory for every user, due to security reasons. And there's no way up by means of the FTP software. So every user sees only "his own" branch of the tree.

If you need to work it the other way (which you don't need, I know) there might be some setting in the user account settings of the FTP server that defines where to start.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 40590951
Check Active / Passive FTP to see if you need to change that setting. This can affect credentials.

http://slacksite.com/other/ftp.html
0
 

Author Comment

by:TownTalk
ID: 40590980
@Kimputer: "You told Windows that, Lathe1 should drop into Lathe1 virtual " - Are you saying that i did this by giving the user the same name as the virtual directory?

@Frankhelk: Every user is configured without a home directory and has full permissions for the ftp root and virtual directories. My own user account for instance, can only see the root and cannot see the virtual directories at all, no matter how I try even though I am an adminstrator with full privileges for every part of the server.

@JohnHurst: It's currently in Active mode and I don't want to change anything will that might affect other users who already use the root of the ftp site.
0
 

Author Comment

by:TownTalk
ID: 40590986
Like I said in my original post... It's working exactly how I want it to. I just need to know how it got this way.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 40590992
I would try Passive as a Test to see if that helps. At least you would know.
0
 
LVL 36

Accepted Solution

by:
Kimputer earned 2000 total points
ID: 40590996
Yes, by using virtual directories in combination with the user isolation feature in IIS, this is expected behaviour.

Also, I've NEVER seen active/passive affect the way a user logs in or where it has access to or what the home folder will be. It only solves (or introduces) ftp transfers/listings problems.
0
 

Author Closing Comment

by:TownTalk
ID: 40591045
User Isolation! It's got a name. That's the explanation I was looking for. Thanks for your help.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question