IIS6

From: Locher Thomas (Thomas.Locher_at_swarovski.com)
Date: 04/07/04

  • Next message: Alvin Oga: "Re: Secure host newbie - fun - humm - yup" 
    To: SECURITY-BASICS@securityfocus.com
Date: Wed, 7 Apr 2004 13:01:48 +0200

    Dear list,

    some of our users want to use ftp for changing files with external partners.
    We use WS_FTP 4.02 Server and have a http frontend for our users. They
    connect to our intranetserver and come to a page where they can create ftp
    accounts which are automatically deleted after three days. The site is
    programmed in php an the script runs the iftpaddu.exe to create the users.
    Until now we used Apache on our intrantserver where everything worked fine.
    Now we migrated to IIS6 on Windows 2003 and when a user without admin
    permissions runs this script on the intranet page it doesn't work. Local
    Admin Users can still use the feature and create users.
    Can you tell me in which user context such a script runs on the IIS and
    where i can configure this permission? When logging on to a server with a
    non admin user and running the iftpaddu.exe everything works fine - so the
    error must be somewhere in the permissions of iis.

    Thanks,
    Thomas

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------

  • Next message: Alvin Oga: "Re: Secure host newbie - fun - humm - yup"

    Relevant Pages

    • Re: IIS Server w/FTP
      ... each user / server, NTFS file permissions set on each home directory [e.g. ... Note that according to this article, "When anonymous users view the FTP ... they can only view the contents of the root folder. ...
      (microsoft.public.inetserver.iis.security)
    • RE: IIS 6 FTP
      ... the server after making a permissions change causes the settings to work ... This leads me to believe that the settings are cached ... Objet: IIS 6 FTP ... I configured permissions using two groups: ...
      (Security-Basics)
    • Re: FTP receive dont work from unix !!!
      ... Does the BizTalk Server Service user account have RW permissions over the ... remote FTP? ...
      (microsoft.public.biztalk.general)
    • Re: FTP Write Permission
      ... FTP is running and I can connect via the ... >Internet to my server. ... NTFS permissions on the target directory and trying again. ...
      (microsoft.public.inetserver.iis.ftp)
    • Re: write with cURL
      ... execute permissions. ... of potential security risks from other users on the same server. ... I made this suggestion because their web host appears to run Apache ... risk to allow Apache's group write access, since all PHP scripts ran ...
      (alt.php)