Re: hierarchical permissions?
- From: "geek-y-guy" <noone@xxxxxxxxxxx>
- Date: Fri, 21 Apr 2006 17:28:58 -0400
"Bernard Cheah [MVP]" <qbernard@xxxxxxxxxxxxxxxxxxx> wrote in message
news:%23F6LwxRZGHA.1196@xxxxxxxxxxxxxxxxxxxxxxx
Wow that's ton of questions:
a) assumming your website everything is configured and running fine at
d:\website\
b) client webroot is at d:\website\c1, c2 ....
c) then you setup ftp server - set the root to some dummy d:\dummy\
d) create a virtual directory with the same name that the client login -
e.g. clientaccess1
then map it to d:\website\c1\
e) grant read & write permission for user Clientaccess at folder c1
f) repeat d - e for all clients.
OK, great...I will try that.
Sorry, Bernard, but was I supposed to create an FTP site with "user
isolation mode"?
I did that on my first try, and did the following:
-- Created a regular domain user
-- Created the FTP site with a dummy "home" directory
-- created a virtual directory with the same name as the user (with
read/write checked), pointing to the main website directory
-- gave the main website directory "change" permissions in NTFS for that
user name.
When I try to connect using SmartFTP client, I get:
220 Microsoft FTP Service
USER TestFTP1
331 Password required for TestFTP1.
PASS (hidden)
530 User TestFTP1 cannot log in, home directory inaccessible.
I went back and set NTFS "change" on the dummy ftp directory for that user
and got the same response.
I also checked the properties for the FTP site and it had "allow anonymous"
checked and just "read" permissions checked.
I un-checked allow anonymous and still can't get in.
I also tried connecting from IE6, and I'm given the login prompt, but it
doesn't accept the username and password.
I'll try setting it up without user isolation enabled and let you know.
When client login, it will redirect to their folder automatically, as the
username and virtual directory same. the key here is that you must
control access via NTFS.
side note - ftp upload can do magic :) e.g. user can't upload malicious
script etc to do magic stuff when it's executing at server end.
--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/
"geek-y-guy" <noone@xxxxxxxxxxx> wrote in message
news:uialOMMZGHA.3532@xxxxxxxxxxxxxxxxxxxxxxx
Hi: Is the following possible with MSFTP?
-- Stand-Alone Windows Server 2003 Web Edition with one IP
-- web admin needs change permissions on entire website directory
-- less-privileged user needs read permissions on subdirectory in
website
-- no anonymous access
I basically need a login for uploading content changes to the entire
website, and then a separate login that's distributed to users that
gives them access to a download folder which is a subdirectory of the
website.
I can't figure out how to do this! If it's possible, can someone explain
to me how to set it up?
.
- Follow-Ups:
- Re: hierarchical permissions?
- From: Bernard Cheah [MVP]
- Re: hierarchical permissions?
- References:
- hierarchical permissions?
- From: geek-y-guy
- Re: hierarchical permissions?
- From: Bernard Cheah [MVP]
- Re: hierarchical permissions?
- From: geek-y-guy
- hierarchical permissions?
- Prev by Date: Re: STILL Sir !! : w2k3 built in FireWall Preventing PORTS !!!
- Next by Date: Re: i feel it doesn't work with ports in cmd !! : w2k3 built in FireWall Preventing PORTS !!!
- Previous by thread: Re: hierarchical permissions?
- Next by thread: Re: hierarchical permissions?
- Index(es):
Relevant Pages
|
