IIS Server Security - Another IIS Permissions Question


Author Another IIS Permissions Question
Jonathan W.

2004-01-24, 2:02 am

I'm trying to straighten out a mess at my new office on a web server
running IIS5 on Win2000.

Running basically as an ISP, have 8 websites running on the IIS
server, with FrontPage Server Extensions installed.

Most of our clients aren't allowed to upload their own files, however,
a couple sites need the ability to upload & change their site as
needed, so we have created FPSE accounts for each of those clients.

Problem is that either of those accounts, which can be used to
upload/change using either FP or directly thru FTP can browse all of
the other sites on the server -- not just their own. So, person-A
from Website-A can browse Website-B, C, and so on.

The other odd thing is that whenever you FTP into the server using the
person's account, it defaults to the wwwroot folder, which means you
can see everything inside -- which again, is all the websites.

So, 2 main questions:
1. Why is it that when you FTP into a specific site that it defaults
to the wwwroot directory, and not the specific website you're FTP'ing
into?
2. How can I keep this website administrator from browsing all of the
directories?

Here are the permissions...

Permissions are set as follows:
-Administrators: Full Control
-Everyone: Read
-Interactive: List Folder Contents
-System: List Folder Contents
-Network: List Folder Contents

Permissions on the Website in Question:
-Administrators: Full Control
-(Account used to administer the server from the client site): Full
Control
-IUSR Account: Read

Permissions on another random Website on the same server:
-Administrators: Full Control
-System: List Folder Contents
-Network: List Folder Contents
-(Several OWS accounts for FPSE): List Folder Contents
Jeff Cochran

2004-01-24, 2:02 am

On 22 Jan 2004 20:16:21 -0800, CT1705@hotmail.com (Jonathan W.) wrote:

>I'm trying to straighten out a mess at my new office on a web server
>running IIS5 on Win2000.
>
>Running basically as an ISP, have 8 websites running on the IIS
>server, with FrontPage Server Extensions installed.
>
>Most of our clients aren't allowed to upload their own files, however,
>a couple sites need the ability to upload & change their site as
>needed, so we have created FPSE accounts for each of those clients.
>
>Problem is that either of those accounts, which can be used to
>upload/change using either FP or directly thru FTP can browse all of
>the other sites on the server -- not just their own. So, person-A
>from Website-A can browse Website-B, C, and so on.
>
>The other odd thing is that whenever you FTP into the server using the
>person's account, it defaults to the wwwroot folder, which means you
>can see everything inside -- which again, is all the websites.
>
>So, 2 main questions:
>1. Why is it that when you FTP into a specific site that it defaults
>to the wwwroot directory, and not the specific website you're FTP'ing
>into?



'Cause you set it up that way.

>2. How can I keep this website administrator from browsing all of the
>directories?



See:

http://www.iisfaq.com/ExternalLink.aspx?L=418&P=14

The other secret is to use virtual folders.

Jeff

>Here are the permissions...
>
>Permissions are set as follows:
>-Administrators: Full Control
>-Everyone: Read
>-Interactive: List Folder Contents
>-System: List Folder Contents
>-Network: List Folder Contents
>
>Permissions on the Website in Question:
>-Administrators: Full Control
>-(Account used to administer the server from the client site): Full
>Control
>-IUSR Account: Read
>
>Permissions on another random Website on the same server:
>-Administrators: Full Control
>-System: List Folder Contents
>-Network: List Folder Contents
>-(Several OWS accounts for FPSE): List Folder Contents
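
Added example, not part of either post: the permission lists in the question grant Read or List Folder Contents to Everyone, Interactive and Network, which are well-known groups present in the token of any account logged on that way, so those entries are the first thing to check when one client account can list another site's folder. The script below inventories such entries per site folder; it assumes PowerShell 3.0 or later on a current Windows host (not the thread's Windows 2000) and an assumed web root of `C:\Inetpub\wwwroot`.

```powershell
# Added example; not from the thread. Lists Allow ACEs that let broad,
# well-known groups enumerate the web root and each site folder under it.
param(
    # Assumed path: the default IIS web root; adjust to the real one.
    [string]$WebRoot = 'C:\Inetpub\wwwroot'
)

# Well-known SIDs (locale-independent) carried by ordinary logged-on accounts.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-2'      = 'NETWORK'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

$Rights      = [System.Security.AccessControl.FileSystemRights]
$ListBit     = [int]$Rights::ListDirectory   # same bit as ReadData
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$SidType     = [System.Security.Principal.SecurityIdentifier]

# The root itself plus every first-level folder (one per hosted site).
$folders = @(Get-Item -LiteralPath $WebRoot) +
           @(Get-ChildItem -LiteralPath $WebRoot -Directory)

$findings = foreach ($dir in $folders) {
    $acl = Get-Acl -LiteralPath $dir.FullName
    # Explicit and inherited ACEs, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $SidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow')           { continue }
        if (-not $BroadSids.ContainsKey($sid))            { continue }
        # Inherit-only ACEs apply to children, not to this folder itself.
        if ($ace.PropagationFlags -band $InheritOnly)     { continue }
        # ACEs stored as generic rights are not decoded here and are skipped.
        if (-not ([int]$ace.FileSystemRights -band $ListBit)) { continue }
        [pscustomobject]@{
            Folder    = $dir.FullName
            Principal = $BroadSids[$sid]
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

$findings | Sort-Object Folder, Principal | Format-Table -AutoSize
```

Rows with `Inherited` set to `True` come from a parent folder's ACL, so the change belongs at the parent rather than on each site folder. Deny entries are not evaluated, so treat the output as an inventory to review, not as an effective-access result.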




Copyright 2003 - 2008 webservertalk.com