|
Home > Archive > IIS FTP Server > February 2005 > Win2003 NTFS Security bypassed by FTP
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Win2003 NTFS Security bypassed by FTP
|
|
| Kyle Holladay 2005-01-25, 2:51 am |
| Here is what I did:
1) Created the followign security groups
FTPGuests
FTPPowerUsers
FTPSuperUsers
2) Added the user FTPguest to the FTPGuests security group
3) Under the security tab for the FTPSuperUsers folder I assigned "Full
Control" to the FTPSuperUsers security group and UNchecked "Allow inheritable
permissions..." and removed permission for all but FTPSuperUsers and SYSTEM.
4) When logged in to Windows 2003 as user FTPguest I get "Access is denied"
as I should
This is where it gets odd, remember I am CORRECTLY denied access to the
FTPSuperUsers folder when logged into Windows 2003 as FTPguest however when I
connect to ftp.mydomain.com as FTPguest I have full access to all folders
including the FTPSuperUsers.
What have I done wrong???????
| |
|
| Kyle,
What do you mean you have "full access"? Do you mean that you can read and
write to the folder that you log in to? Or does it mean that you can see the
contents of the folder?
When you login via FTP, Microsoft FTP server will try to put you into a
folder within your FTP root that matches your user name. If it can't find
such a folder, it puts you in at the FTP root. There are some articles about
"FTP user isolation" in IIS on the Microsoft site as well as elsewhere on the
web.
--Pete
"Kyle Holladay" wrote:
> Here is what I did:
> 1) Created the followign security groups
> FTPGuests
> FTPPowerUsers
> FTPSuperUsers
> 2) Added the user FTPguest to the FTPGuests security group
> 3) Under the security tab for the FTPSuperUsers folder I assigned "Full
> Control" to the FTPSuperUsers security group and UNchecked "Allow inheritable
> permissions..." and removed permission for all but FTPSuperUsers and SYSTEM.
> 4) When logged in to Windows 2003 as user FTPguest I get "Access is denied"
> as I should
>
> This is where it gets odd, remember I am CORRECTLY denied access to the
> FTPSuperUsers folder when logged into Windows 2003 as FTPguest however when I
> connect to ftp.mydomain.com as FTPguest I have full access to all folders
> including the FTPSuperUsers.
>
> What have I done wrong???????
| |
| Bernard 2005-02-01, 2:47 am |
| Don't really get you. what's the effect ntfs permission of the folder.
and what's the username and folder name ?
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Kyle Holladay" <Kyle Holladay@discussions.microsoft.com> wrote in message
news:19F4AE73-9EB5-466B-9AE6-EDBE60D8469F@microsoft.com...
> Here is what I did:
> 1) Created the followign security groups
> FTPGuests
> FTPPowerUsers
> FTPSuperUsers
> 2) Added the user FTPguest to the FTPGuests security group
> 3) Under the security tab for the FTPSuperUsers folder I assigned "Full
> Control" to the FTPSuperUsers security group and UNchecked "Allow
> inheritable
> permissions..." and removed permission for all but FTPSuperUsers and
> SYSTEM.
> 4) When logged in to Windows 2003 as user FTPguest I get "Access is
> denied"
> as I should
>
> This is where it gets odd, remember I am CORRECTLY denied access to the
> FTPSuperUsers folder when logged into Windows 2003 as FTPguest however
> when I
> connect to ftp.mydomain.com as FTPguest I have full access to all folders
> including the FTPSuperUsers.
>
> What have I done wrong???????
|
|
|
|
|