?
Solved

ftp wierdness

Posted on 2015-02-05
10
Medium Priority
?
124 Views
Last Modified: 2015-02-05
This is SBS2008. I have a couple of CNC Lathes in the factory which need to connect into our network. They can only use ftp. So i've created  couple of virtual directories within our default ftp site. For clarity, i've given the virtual directories the same name as the lathe which needs to connect into it. So i've created 2 users Lathe1 and Lathe2, and virtual directories Lathe1 and Lathe2.  

What I am finding is that is if I attempt to log into ftp://ourdomain/Lathe1  or ftp://ourdomain/Lathe2 no access is possible. Access is only allowed by logging onto ftp://ourdomain and what happens next depends on the credentials supplied. If I log onto ftp://ourdomain with my own credentials, I see the root of the ftp site and cannot access the virtual directories. If I log onto ftp://ourdomain with either of the Lathe credentials. I can see only the virtual directory for that lathe.

Actually this is exactly what I want. I just need to understand why it is happening. While I am testing all this, Lathe1 has permissions to access the entire ftp site. So I don't understand why logging onto the root of the ftp site takes him straight to his virtually directory and the root cannot be seen at all.

Can anyone explain this please?
0
Comment
Question by:TownTalk
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 37

Expert Comment

by:Kimputer
ID: 40590863
One word: Security (i.e. not ftp weirdness)
Looking at what you tried and said, you're looking at it from a public website point of view, while MS (and other FTP software publishers) look at it from a security standpoint.
0
 

Author Comment

by:TownTalk
ID: 40590909
So when I log in as Lathe1, why can't I see the root of the ftp site? That user has full permissions for the entire site.
0
 
LVL 37

Expert Comment

by:Kimputer
ID: 40590943
You told Windows that, Lathe1 should drop into Lathe1 virtual, and then you told Windows Lathe1 should have access to root. But since Lathe1 is already logged in, you can't go "higher" anymore (for example as a command "cd ..").

If your FTP userbase is small, I would suggest you use something else as your FTP server (like the free FTPzilla server), where user management is a no-brainer (it's very clear where users end up and where they have access to), and you finally get the antihammering/banning function to boot.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Expert Comment

by:frankhelk
ID: 40590950
I presume there's some kind of "home" directory for every user, due to security reasons. And there's no way up by means of the FTP software. So every user sees only "his own" branch of the tree.

If you need to work it the other way (which you don't need, I know) there might be some setting in the user account settings of the FTP server that defines where to start.
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 40590951
Check Active / Passive FTP to see if you need to change that setting. This can affect credentials.

http://slacksite.com/other/ftp.html
0
 

Author Comment

by:TownTalk
ID: 40590980
@Kimputer: "You told Windows that, Lathe1 should drop into Lathe1 virtual " - Are you saying that i did this by giving the user the same name as the virtual directory?

@Frankhelk: Every user is configured without a home directory and has full permissions for the ftp root and virtual directories. My own user account for instance, can only see the root and cannot see the virtual directories at all, no matter how I try even though I am an adminstrator with full privileges for every part of the server.

@JohnHurst: It's currently in Active mode and I don't want to change anything will that might affect other users who already use the root of the ftp site.
0
 

Author Comment

by:TownTalk
ID: 40590986
Like I said in my original post... It's working exactly how I want it to. I just need to know how it got this way.
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 40590992
I would try Passive as a Test to see if that helps. At least you would know.
0
 
LVL 37

Accepted Solution

by:
Kimputer earned 2000 total points
ID: 40590996
Yes, by using virtual directories in combination with the user isolation feature in IIS, this is expected behaviour.

Also, I've NEVER seen active/passive affect the way a user logs in or where it has access to or what the home folder will be. It only solves (or introduces) ftp transfers/listings problems.
0
 

Author Closing Comment

by:TownTalk
ID: 40591045
User Isolation! It's got a name. That's the explanation I was looking for. Thanks for your help.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question