Solved

ftp wierdness

Posted on 2015-02-05
10
115 Views
Last Modified: 2015-02-05
This is SBS2008. I have a couple of CNC Lathes in the factory which need to connect into our network. They can only use ftp. So i've created  couple of virtual directories within our default ftp site. For clarity, i've given the virtual directories the same name as the lathe which needs to connect into it. So i've created 2 users Lathe1 and Lathe2, and virtual directories Lathe1 and Lathe2.  

What I am finding is that is if I attempt to log into ftp://ourdomain/Lathe1  or ftp://ourdomain/Lathe2 no access is possible. Access is only allowed by logging onto ftp://ourdomain and what happens next depends on the credentials supplied. If I log onto ftp://ourdomain with my own credentials, I see the root of the ftp site and cannot access the virtual directories. If I log onto ftp://ourdomain with either of the Lathe credentials. I can see only the virtual directory for that lathe.

Actually this is exactly what I want. I just need to understand why it is happening. While I am testing all this, Lathe1 has permissions to access the entire ftp site. So I don't understand why logging onto the root of the ftp site takes him straight to his virtually directory and the root cannot be seen at all.

Can anyone explain this please?
0
Comment
Question by:TownTalk
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 35

Expert Comment

by:Kimputer
ID: 40590863
One word: Security (i.e. not ftp weirdness)
Looking at what you tried and said, you're looking at it from a public website point of view, while MS (and other FTP software publishers) look at it from a security standpoint.
0
 

Author Comment

by:TownTalk
ID: 40590909
So when I log in as Lathe1, why can't I see the root of the ftp site? That user has full permissions for the entire site.
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40590943
You told Windows that, Lathe1 should drop into Lathe1 virtual, and then you told Windows Lathe1 should have access to root. But since Lathe1 is already logged in, you can't go "higher" anymore (for example as a command "cd ..").

If your FTP userbase is small, I would suggest you use something else as your FTP server (like the free FTPzilla server), where user management is a no-brainer (it's very clear where users end up and where they have access to), and you finally get the antihammering/banning function to boot.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 14

Expert Comment

by:frankhelk
ID: 40590950
I presume there's some kind of "home" directory for every user, due to security reasons. And there's no way up by means of the FTP software. So every user sees only "his own" branch of the tree.

If you need to work it the other way (which you don't need, I know) there might be some setting in the user account settings of the FTP server that defines where to start.
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 40590951
Check Active / Passive FTP to see if you need to change that setting. This can affect credentials.

http://slacksite.com/other/ftp.html
0
 

Author Comment

by:TownTalk
ID: 40590980
@Kimputer: "You told Windows that, Lathe1 should drop into Lathe1 virtual " - Are you saying that i did this by giving the user the same name as the virtual directory?

@Frankhelk: Every user is configured without a home directory and has full permissions for the ftp root and virtual directories. My own user account for instance, can only see the root and cannot see the virtual directories at all, no matter how I try even though I am an adminstrator with full privileges for every part of the server.

@JohnHurst: It's currently in Active mode and I don't want to change anything will that might affect other users who already use the root of the ftp site.
0
 

Author Comment

by:TownTalk
ID: 40590986
Like I said in my original post... It's working exactly how I want it to. I just need to know how it got this way.
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 40590992
I would try Passive as a Test to see if that helps. At least you would know.
0
 
LVL 35

Accepted Solution

by:
Kimputer earned 500 total points
ID: 40590996
Yes, by using virtual directories in combination with the user isolation feature in IIS, this is expected behaviour.

Also, I've NEVER seen active/passive affect the way a user logs in or where it has access to or what the home folder will be. It only solves (or introduces) ftp transfers/listings problems.
0
 

Author Closing Comment

by:TownTalk
ID: 40591045
User Isolation! It's got a name. That's the explanation I was looking for. Thanks for your help.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
OfficeMate Freezes on login or does not load after login credentials are input.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question