Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

ftp wierdness

Posted on 2015-02-05
10
Medium Priority
?
122 Views
Last Modified: 2015-02-05
This is SBS2008. I have a couple of CNC Lathes in the factory which need to connect into our network. They can only use ftp. So i've created  couple of virtual directories within our default ftp site. For clarity, i've given the virtual directories the same name as the lathe which needs to connect into it. So i've created 2 users Lathe1 and Lathe2, and virtual directories Lathe1 and Lathe2.  

What I am finding is that is if I attempt to log into ftp://ourdomain/Lathe1  or ftp://ourdomain/Lathe2 no access is possible. Access is only allowed by logging onto ftp://ourdomain and what happens next depends on the credentials supplied. If I log onto ftp://ourdomain with my own credentials, I see the root of the ftp site and cannot access the virtual directories. If I log onto ftp://ourdomain with either of the Lathe credentials. I can see only the virtual directory for that lathe.

Actually this is exactly what I want. I just need to understand why it is happening. While I am testing all this, Lathe1 has permissions to access the entire ftp site. So I don't understand why logging onto the root of the ftp site takes him straight to his virtually directory and the root cannot be seen at all.

Can anyone explain this please?
0
Comment
Question by:TownTalk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 36

Expert Comment

by:Kimputer
ID: 40590863
One word: Security (i.e. not ftp weirdness)
Looking at what you tried and said, you're looking at it from a public website point of view, while MS (and other FTP software publishers) look at it from a security standpoint.
0
 

Author Comment

by:TownTalk
ID: 40590909
So when I log in as Lathe1, why can't I see the root of the ftp site? That user has full permissions for the entire site.
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 40590943
You told Windows that, Lathe1 should drop into Lathe1 virtual, and then you told Windows Lathe1 should have access to root. But since Lathe1 is already logged in, you can't go "higher" anymore (for example as a command "cd ..").

If your FTP userbase is small, I would suggest you use something else as your FTP server (like the free FTPzilla server), where user management is a no-brainer (it's very clear where users end up and where they have access to), and you finally get the antihammering/banning function to boot.
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 14

Expert Comment

by:frankhelk
ID: 40590950
I presume there's some kind of "home" directory for every user, due to security reasons. And there's no way up by means of the FTP software. So every user sees only "his own" branch of the tree.

If you need to work it the other way (which you don't need, I know) there might be some setting in the user account settings of the FTP server that defines where to start.
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 40590951
Check Active / Passive FTP to see if you need to change that setting. This can affect credentials.

http://slacksite.com/other/ftp.html
0
 

Author Comment

by:TownTalk
ID: 40590980
@Kimputer: "You told Windows that, Lathe1 should drop into Lathe1 virtual " - Are you saying that i did this by giving the user the same name as the virtual directory?

@Frankhelk: Every user is configured without a home directory and has full permissions for the ftp root and virtual directories. My own user account for instance, can only see the root and cannot see the virtual directories at all, no matter how I try even though I am an adminstrator with full privileges for every part of the server.

@JohnHurst: It's currently in Active mode and I don't want to change anything will that might affect other users who already use the root of the ftp site.
0
 

Author Comment

by:TownTalk
ID: 40590986
Like I said in my original post... It's working exactly how I want it to. I just need to know how it got this way.
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 40590992
I would try Passive as a Test to see if that helps. At least you would know.
0
 
LVL 36

Accepted Solution

by:
Kimputer earned 2000 total points
ID: 40590996
Yes, by using virtual directories in combination with the user isolation feature in IIS, this is expected behaviour.

Also, I've NEVER seen active/passive affect the way a user logs in or where it has access to or what the home folder will be. It only solves (or introduces) ftp transfers/listings problems.
0
 

Author Closing Comment

by:TownTalk
ID: 40591045
User Isolation! It's got a name. That's the explanation I was looking for. Thanks for your help.
0

Featured Post

Tech or Treat! - Giveaway

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question