Solved

ftp weirdness

Posted on 2015-02-05
Last Modified: 2015-02-05
This is SBS2008. I have a couple of CNC Lathes in the factory which need to connect into our network. They can only use ftp. So I've created a couple of virtual directories within our default ftp site. For clarity, I've given the virtual directories the same name as the lathe which needs to connect into it. So I've created 2 users Lathe1 and Lathe2, and virtual directories Lathe1 and Lathe2.

What I am finding is that if I attempt to log into ftp://ourdomain/Lathe1 or ftp://ourdomain/Lathe2, no access is possible. Access is only allowed by logging onto ftp://ourdomain, and what happens next depends on the credentials supplied. If I log onto ftp://ourdomain with my own credentials, I see the root of the ftp site and cannot access the virtual directories. If I log onto ftp://ourdomain with either of the Lathe credentials, I can see only the virtual directory for that lathe.

Actually this is exactly what I want. I just need to understand why it is happening. While I am testing all this, Lathe1 has permissions to access the entire ftp site. So I don't understand why logging onto the root of the ftp site takes him straight to his virtual directory and the root cannot be seen at all.

Can anyone explain this please?
0
Question by:TownTalk
10 Comments
 
LVL 35

Expert Comment

by:Kimputer
One word: Security (i.e. not ftp weirdness)
Looking at what you tried and said, you're looking at it from a public website point of view, while MS (and other FTP software publishers) look at it from a security standpoint.
0
 

Author Comment

by:TownTalk
So when I log in as Lathe1, why can't I see the root of the ftp site? That user has full permissions for the entire site.
0
 
LVL 35

Expert Comment

by:Kimputer
You told Windows that, Lathe1 should drop into Lathe1 virtual, and then you told Windows Lathe1 should have access to root. But since Lathe1 is already logged in, you can't go "higher" anymore (for example as a command "cd ..").

If your FTP userbase is small, I would suggest you use something else as your FTP server (like the free FTPzilla server), where user management is a no-brainer (it's very clear where users end up and where they have access to), and you finally get the antihammering/banning function to boot.
0
 
LVL 13

Expert Comment

by:frankhelk
I presume there's some kind of "home" directory for every user, due to security reasons. And there's no way up by means of the FTP software. So every user sees only "his own" branch of the tree.

If you need to work it the other way (which you don't need, I know) there might be some setting in the user account settings of the FTP server that defines where to start.
0
 
LVL 90

Expert Comment

by:John Hurst
Check Active / Passive FTP to see if you need to change that setting. This can affect credentials.

http://slacksite.com/other/ftp.html
0

 

Author Comment

by:TownTalk
@Kimputer: "You told Windows that, Lathe1 should drop into Lathe1 virtual " - Are you saying that I did this by giving the user the same name as the virtual directory?

@Frankhelk: Every user is configured without a home directory and has full permissions for the ftp root and virtual directories. My own user account, for instance, can only see the root and cannot see the virtual directories at all, no matter how I try, even though I am an administrator with full privileges for every part of the server.

@JohnHurst: It's currently in Active mode and I don't want to change anything that might affect other users who already use the root of the ftp site.
0
 

Author Comment

by:TownTalk
Like I said in my original post... It's working exactly how I want it to. I just need to know how it got this way.
0
 
LVL 90

Expert Comment

by:John Hurst
I would try Passive as a Test to see if that helps. At least you would know.
0
 
LVL 35

Accepted Solution

by:Kimputer (earned 500 total points)
Yes, by using virtual directories in combination with the user isolation feature in IIS, this is expected behaviour.

Also, I've NEVER seen active/passive affect the way a user logs in or where it has access to or what the home folder will be. It only solves (or introduces) ftp transfers/listings problems.
0
 

Author Closing Comment

by:TownTalk
User Isolation! It's got a name. That's the explanation I was looking for. Thanks for your help.
0
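
A client-side check for the behaviour confirmed in this thread, as an added example that is not code from any poster: it logs where a session lands, tries `cd ..`, and reports whether the site root is reachable. The `root_marker` file name, the `FakeSession` stand-in and the directory layout are constructed assumptions so the check runs offline.

```python
import ftplib
import posixpath

def probe_confinement(ftp, root_marker):
    """Check whether a logged-in FTP session can reach the site root.

    ftp: ftplib.FTP (or any object with pwd/cwd/nlst), already logged in.
    root_marker: a file name known to exist only in the site root (assumption).
    """
    landing = ftp.pwd()
    try:
        ftp.cwd("..")
    except ftplib.all_errors:
        pass  # a refused CWD counts as "did not move"
    after_up = ftp.pwd()
    try:
        names = {posixpath.basename(n) for n in ftp.nlst()}
    except ftplib.all_errors:
        names = set()  # some servers answer 550 for an empty directory
    sees_root = root_marker in names
    return {"landing": landing, "after_cd_up": after_up,
            "sees_site_root": sees_root,
            "confined": after_up == landing and not sees_root}

class FakeSession:
    """Constructed stand-in for ftplib.FTP so the example runs offline."""
    def __init__(self, tree, home, isolated):
        self.tree, self.path = tree, home
        self.floor = home if isolated else "/"  # highest reachable directory
    def pwd(self):
        rel = posixpath.relpath(self.path, self.floor)
        return "/" if rel == "." else "/" + rel
    def cwd(self, name):
        target = posixpath.normpath(posixpath.join(self.path, name))
        inside = target == self.floor or target.startswith(self.floor.rstrip("/") + "/")
        self.path = target if inside else self.floor  # clamp at the floor
    def nlst(self):
        return list(self.tree.get(self.path, []))

# Constructed directory layout modelled on the thread's Lathe1/Lathe2 setup.
TREE = {"/": ["root_marker.txt", "Lathe1", "Lathe2"],
        "/Lathe1": ["job001.nc"], "/Lathe2": []}

if __name__ == "__main__":
    print(probe_confinement(FakeSession(TREE, "/Lathe1", True), "root_marker.txt"))
    print(probe_confinement(FakeSession(TREE, "/Lathe1", False), "root_marker.txt"))
```

Against a real server, pass an `ftplib.FTP` object after `login()` with each machine account and expect `confined` to be true for the lathe users.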
