|
Home > Archive > IIS FTP Server > February 2004 > FTP Protection
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| I=B4m running an IIS6 (IIS5 Isolation mode)with ftp=20
services. Right now I=B4m using the standard NTFS=20
permissions to grant access to respective ftp sites. My=20
problem is that this means that anyone with a ftp-account=20
can access other ftp-sites on the server using thier own=20
logon information. I have tried using the isolation=20
feature but ended up blocking every user.=20
Any suggestions?
Thanks in advance!
/Ola
| |
| Bernard 2004-02-09, 5:34 pm |
| what do you mean by blocking ?
try -
How To Set Up Isolated Ftp Site
http://support.microsoft.com/?id=555018
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"ola" <anonymous@discussions.microsoft.com> wrote in message
news:c92c01c3eeec$ab2c0ff0$a301280a@phx.gbl...
I´m running an IIS6 (IIS5 Isolation mode)with ftp
services. Right now I´m using the standard NTFS
permissions to grant access to respective ftp sites. My
problem is that this means that anyone with a ftp-account
can access other ftp-sites on the server using thier own
logon information. I have tried using the isolation
feature but ended up blocking every user.
Any suggestions?
Thanks in advance!
/Ola
| |
|
| But that is just what I tried and then none of the NTFS=20
permissions worked to log on to the FTP sites.=20
And if I try to use the directory security in IIS Manager=20
nothing happens. That is if I supply a password for a=20
specified user IIS Manager sets a completely different=20
password, which I cannot read, than the one I supplied=20
even though being prompted to supply it twice in order to=20
confirm. I do not understand why.
/Ola
>-----Ursprungligt meddelande-----
>what do you mean by blocking ?
>
>try -
>How To Set Up Isolated Ftp Site
>http://support.microsoft.com/?id=3D555018
>
>
>--=20
>Regards,
>Bernard Cheah
>http://support.microsoft.com/
>Please respond to newsgroups only ...
>
>
>"ola" <anonymous@discussions.microsoft.com> wrote in=20
message
>news:c92c01c3eeec$ab2c0ff0$a301280a@phx.gbl...
>I=B4m running an IIS6 (IIS5 Isolation mode)with ftp
>services. Right now I=B4m using the standard NTFS
>permissions to grant access to respective ftp sites. My
>problem is that this means that anyone with a ftp-account
>can access other ftp-sites on the server using thier own
>logon information. I have tried using the isolation
>feature but ended up blocking every user.
>
>Any suggestions?
>
>Thanks in advance!
>/Ola
>
>
>.
>
| |
| Bernard 2004-02-09, 7:34 pm |
| I don't quite get you. the question now is
a) can you start the isolated ftp site ?
b) can you login ? does user has it's own ftp root ?
c) can user do dir listing ?
d) can user download or upload files ?
e) have you configure the correct ntfs permission ?
f) is the folder on local hard drive or UNC path ?
g) any error msgs ?
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"ola" <anonymous@discussions.microsoft.com> wrote in message
news:d86e01c3efa6$30152e90$a001280a@phx.gbl...
But that is just what I tried and then none of the NTFS
permissions worked to log on to the FTP sites.
And if I try to use the directory security in IIS Manager
nothing happens. That is if I supply a password for a
specified user IIS Manager sets a completely different
password, which I cannot read, than the one I supplied
even though being prompted to supply it twice in order to
confirm. I do not understand why.
/Ola
>-----Ursprungligt meddelande-----
>what do you mean by blocking ?
>
>try -
>How To Set Up Isolated Ftp Site
>http://support.microsoft.com/?id=555018
>
>
>--
>Regards,
>Bernard Cheah
>http://support.microsoft.com/
>Please respond to newsgroups only ...
>
>
>"ola" <anonymous@discussions.microsoft.com> wrote in
message
>news:c92c01c3eeec$ab2c0ff0$a301280a@phx.gbl...
>I´m running an IIS6 (IIS5 Isolation mode)with ftp
>services. Right now I´m using the standard NTFS
>permissions to grant access to respective ftp sites. My
>problem is that this means that anyone with a ftp-account
>can access other ftp-sites on the server using thier own
>logon information. I have tried using the isolation
>feature but ended up blocking every user.
>
>Any suggestions?
>
>Thanks in advance!
>/Ola
>
>
>.
>
| |
| Paul Lynch 2004-02-09, 9:34 pm |
| On Mon, 9 Feb 2004 01:11:14 -0800, "ola"
<anonymous@discussions.microsoft.com> wrote:
>I´m running an IIS6 (IIS5 Isolation mode)with ftp
>services. Right now I´m using the standard NTFS
>permissions to grant access to respective ftp sites. My
>problem is that this means that anyone with a ftp-account
>can access other ftp-sites on the server using thier own
>logon information. I have tried using the isolation
>feature but ended up blocking every user.
>
>Any suggestions?
>
>Thanks in advance!
>/Ola
Ola,
Try this :
http://www.microsoft.com/technet/tr...ftp_isolate.asp
Regards,
Paul Lynch
MCSE
| |
|
| The ftp-site starts in isolated mode but noone can login=20
using the ntfs permissions or anything else for that=20
matter. The permissions are correct and the folder is on=20
a local drive - no error messages except the message=20
saying that login failed based on the information=20
provided.
/Ola
>-----Ursprungligt meddelande-----
>I don't quite get you. the question now is
>a) can you start the isolated ftp site ?
>b) can you login ? does user has it's own ftp root ?
>c) can user do dir listing ?
>d) can user download or upload files ?
>e) have you configure the correct ntfs permission ?
>f) is the folder on local hard drive or UNC path ?
>g) any error msgs ?
>
>
>--=20
>Regards,
>Bernard Cheah
>http://support.microsoft.com/
>Please respond to newsgroups only ...
>
>
>"ola" <anonymous@discussions.microsoft.com> wrote in=20
message
>news:d86e01c3efa6$30152e90$a001280a@phx.gbl...
>But that is just what I tried and then none of the NTFS
>permissions worked to log on to the FTP sites.
>
>And if I try to use the directory security in IIS Manager
>nothing happens. That is if I supply a password for a
>specified user IIS Manager sets a completely different
>password, which I cannot read, than the one I supplied
>even though being prompted to supply it twice in order to
>confirm. I do not understand why.
>
>/Ola
>
>
>
>message
account[color=blue]
>
>
>.
>
| |
|
| Paul,
This is copied from the article that you suggested:
---In the FTP User Isolation Credentials dialog box, type=20
the user name (in the form domainname\username),=20
password, and the default user domain of the account used=20
to access Active Directory, and then click Next. ---
This I=B4ve tried a many times, the problem for me is that=20
the password I supply (I=B4ve tried many different)is not=20
saved. I write it - being prompted to write it again -=20
close the properites - and it is gone and replaced with a=20
password out of my knowledge. The user name however is=20
saved.
/Ola
>-----Ursprungligt meddelande-----
>On Mon, 9 Feb 2004 01:11:14 -0800, "ola"
><anonymous@discussions.microsoft.com> wrote:
>
account=20[color=blue]
own=20[color=blue]
>
>Ola,
>
>Try this :
>
>http://www.microsoft.com/technet/treeview/default.asp?
url=3D/technet/prodtechnol/windowsserver2003/proddocs/standa
rd/wsa_ftp_isolate.asp
>
>
>Regards,
>
>Paul Lynch
>MCSE
>.
>
| |
| Bernard 2004-02-11, 7:34 pm |
| a) can you start the isolated ftp site ?
have you succesfully created the isolate site ?
is you server a member server to the domain ?
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
<anonymous@discussions.microsoft.com> wrote in message
news:f38c01c3f136$e2bef800$a501280a@phx.gbl...
The ftp-site starts in isolated mode but noone can login
using the ntfs permissions or anything else for that
matter. The permissions are correct and the folder is on
a local drive - no error messages except the message
saying that login failed based on the information
provided.
/Ola
>-----Ursprungligt meddelande-----
>I don't quite get you. the question now is
>a) can you start the isolated ftp site ?
>b) can you login ? does user has it's own ftp root ?
>c) can user do dir listing ?
>d) can user download or upload files ?
>e) have you configure the correct ntfs permission ?
>f) is the folder on local hard drive or UNC path ?
>g) any error msgs ?
>
>
>--
>Regards,
>Bernard Cheah
>http://support.microsoft.com/
>Please respond to newsgroups only ...
>
>
>"ola" <anonymous@discussions.microsoft.com> wrote in
message
>news:d86e01c3efa6$30152e90$a001280a@phx.gbl...
>But that is just what I tried and then none of the NTFS
>permissions worked to log on to the FTP sites.
>
>And if I try to use the directory security in IIS Manager
>nothing happens. That is if I supply a password for a
>specified user IIS Manager sets a completely different
>password, which I cannot read, than the one I supplied
>even though being prompted to supply it twice in order to
>confirm. I do not understand why.
>
>/Ola
>
>
>
>message
account[color=blue]
>
>
>.
>
| |
| Bernard 2004-02-12, 8:34 pm |
| Just the ftp site ..
now b)
can you login to your ftp site using ftp.exe ?
e.g ftp localhost
do you see the login prompt ?
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"ola" <anonymous@discussions.microsoft.com> wrote in message
news:f4f901c3f158$c2dfaa80$a501280a@phx.gbl...
The site is successfully created.
Do you mean the entire server or just the ftp-servers
running on the machine?
>-----Ursprungligt meddelande-----
>a) can you start the isolated ftp site ?
>
>have you succesfully created the isolate site ?
>is you server a member server to the domain ?
>
>
>--
>Regards,
>Bernard Cheah
>http://support.microsoft.com/
>Please respond to newsgroups only ...
>
>
><anonymous@discussions.microsoft.com> wrote in message
>news:f38c01c3f136$e2bef800$a501280a@phx.gbl...
>The ftp-site starts in isolated mode but noone can login
>using the ntfs permissions or anything else for that
>matter. The permissions are correct and the folder is on
>a local drive - no error messages except the message
>saying that login failed based on the information
>provided.
>
>/Ola
>message
Manager[color=blue]
to[color=blue]
>account
own[color=blue]
>
>
>.
>
| |
|
| Well this might be my problem. I haven=B4t created any=20
domains for the ftp-servers.=20
Just for sure I=B4ll describe my problem once again. I have=20
the websites on localdrive D: I have set the permissions=20
using ntfs standard. I create an isolated ftp-site using=20
the wizard connected to the specific folder. It runs. So=20
far so good. Whenever I try to reach it via ftp=20
(ftp://ip) I get prompted for a login. But login fails
BTW Thanks for all your help so far Bernard. Have a nice=20
weekend and I=B4ll be back at the computer on monday.
>-----Ursprungligt meddelande-----
>Just the ftp site ..
>
>now b)
>can you login to your ftp site using ftp.exe ?
>e.g ftp localhost
>
>do you see the login prompt ?
>
>--=20
>Regards,
>Bernard Cheah
>http://support.microsoft.com/
>Please respond to newsgroups only ...
>
>
>"ola" <anonymous@discussions.microsoft.com> wrote in=20
message
>news:f4f901c3f158$c2dfaa80$a501280a@phx.gbl...
>The site is successfully created.
>
>Do you mean the entire server or just the ftp-servers
>running on the machine?
>
>
>
>Manager
>to
My[color=blue]
>own
>
>
>.
>
| |
| Bernard 2004-02-15, 1:34 am |
| In your case.
a) login fails - if it's error 530, make sure you
grant user 'logon locally' right
b) you should either create your website folder name
as your ftp user name or don't use isolated features
and use standard ftp site and force user logon on to their website path.
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"ola" <anonymous@discussions.microsoft.com> wrote in message
news:ff7901c3f237$96f77a30$a601280a@phx.gbl...
Well this might be my problem. I haven´t created any
domains for the ftp-servers.
Just for sure I´ll describe my problem once again. I have
the websites on localdrive D: I have set the permissions
using ntfs standard. I create an isolated ftp-site using
the wizard connected to the specific folder. It runs. So
far so good. Whenever I try to reach it via ftp
(ftp://ip) I get prompted for a login. But login fails
BTW Thanks for all your help so far Bernard. Have a nice
weekend and I´ll be back at the computer on monday.
>-----Ursprungligt meddelande-----
>Just the ftp site ..
>
>now b)
>can you login to your ftp site using ftp.exe ?
>e.g ftp localhost
>
>do you see the login prompt ?
>
>--
>Regards,
>Bernard Cheah
>http://support.microsoft.com/
>Please respond to newsgroups only ...
>
>
>"ola" <anonymous@discussions.microsoft.com> wrote in
message
>news:f4f901c3f158$c2dfaa80$a501280a@phx.gbl...
>The site is successfully created.
>
>Do you mean the entire server or just the ftp-servers
>running on the machine?
>
>
>
>Manager
>to
My[color=blue]
>own
>
>
>.
>
| |
|
| That=B4s exactly what I do right now.
But it also means that anyone with an ftp-account can=20
login to another ftp-account on the same machine.
Put it this way. You have an account for your ftp called=20
bernard and password bernard on my machine. I have one=20
called ola and password ola. This means that you can=20
login to MY ftp-account using user: bernard pass: bernard=20
This is what I consider low security and I want to make=20
this impossible. If isolating ftp-sites don=B4t work then=20
what is?
Again. Thanks for all your help.
>-----Ursprungligt meddelande-----
>In your case.
>a) login fails - if it's error 530, make sure you
>grant user 'logon locally' right
>
>b) you should either create your website folder name
>as your ftp user name or don't use isolated features
>and use standard ftp site and force user logon on to=20
their website path.
>
>--=20
>Regards,
>Bernard Cheah
>http://support.microsoft.com/
>Please respond to newsgroups only ...
>
>
>"ola" <anonymous@discussions.microsoft.com> wrote in=20
message
>news:ff7901c3f237$96f77a30$a601280a@phx.gbl...
>Well this might be my problem. I haven=B4t created any
>domains for the ftp-servers.
>
>Just for sure I=B4ll describe my problem once again. I have
>the websites on localdrive D: I have set the permissions
>using ntfs standard. I create an isolated ftp-site using
>the wizard connected to the specific folder. It runs. So
>far so good. Whenever I try to reach it via ftp
>(ftp://ip) I get prompted for a login. But login fails
>
>BTW Thanks for all your help so far Bernard. Have a nice
>weekend and I=B4ll be back at the computer on monday.
>
>
>message
login[color=blue]
on[color=blue]
NTFS[color=blue]
>My
>
>
>.
>
| |
| Bernard 2004-02-15, 6:34 pm |
| Err.. as mentioned previously -
a) use ftp isolated, this will 'force' user only
to access their root path, regarding on how to
do this, refer the first kb link I gave you
b) the native IIS5.0 way, 'redirect' user to
their home folder, however user still be able to
navigate to ftproot by sending 'cd ..' command.
you can advoid the above with the use of 'virtual
directory'.
now, what you describe is not consider LOW security,
as admin you can control access via NTFS permission.
so I as a user of your server only allow to access
my folder. not yours or other. unless you configure
NTFS permission to allow me to read or write or etc.
get more detail here -
HOW TO: Limit FTP Access in Windows 2000
http://support.microsoft.com/?id=318712
HOW TO: Create a Secure FTP Directory that Uses Password Authentication
http://support.microsoft.com/?id=239120
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"ola" <anonymous@discussions.microsoft.com> wrote in message
news:111b901c3f45c$68e51cc0$a501280a@phx
.gbl...
That´s exactly what I do right now.
But it also means that anyone with an ftp-account can
login to another ftp-account on the same machine.
Put it this way. You have an account for your ftp called
bernard and password bernard on my machine. I have one
called ola and password ola. This means that you can
login to MY ftp-account using user: bernard pass: bernard
This is what I consider low security and I want to make
this impossible. If isolating ftp-sites don´t work then
what is?
Again. Thanks for all your help.
>-----Ursprungligt meddelande-----
>In your case.
>a) login fails - if it's error 530, make sure you
>grant user 'logon locally' right
>
>b) you should either create your website folder name
>as your ftp user name or don't use isolated features
>and use standard ftp site and force user logon on to
their website path.
>
>--
>Regards,
>Bernard Cheah
>http://support.microsoft.com/
>Please respond to newsgroups only ...
>
>
>"ola" <anonymous@discussions.microsoft.com> wrote in
message
>news:ff7901c3f237$96f77a30$a601280a@phx.gbl...
>Well this might be my problem. I haven´t created any
>domains for the ftp-servers.
>
>Just for sure I´ll describe my problem once again. I have
>the websites on localdrive D: I have set the permissions
>using ntfs standard. I create an isolated ftp-site using
>the wizard connected to the specific folder. It runs. So
>far so good. Whenever I try to reach it via ftp
>(ftp://ip) I get prompted for a login. But login fails
>
>BTW Thanks for all your help so far Bernard. Have a nice
>weekend and I´ll be back at the computer on monday.
>
>
>message
login[color=blue]
on[color=blue]
NTFS[color=blue]
>My
>
>
>.
>
|
|
|
|
|