Re: IIS 5, FTP, Different access permissions for different users

From: David Elliott (david.elliott@lifeway.com)
Date: 03/25/03 

From:     David Elliott <david.elliott@lifeway.com>
Date: Tue, 25 Mar 2003 04:40:32 -0800

BB,

Thanks for answering so quickly.

My objective is to have internal users (IPs on 172.16.0.0 subnet) login
in as intFTP ("internal FTP user") to write to outgoing folder and read
from incoming folder, and allow anonymous users (from anywhere) to read
from outgoing folder and write-only to incoming folder.

I first tried one FTP site (Default FTP) Home directory
E:\inetpub\ftproot containing outgoing and incoming folders (permissions
set at NTFS level -- seems to work) with the virtual directory "intFTP"
with Directory Security configured to deny access to all except
172.16.0.0 submask 255.255.0.0 also pointing to same path.
Result: Anonymous users get correct permissions. IntFTP users get
correct permissions.

Problem is that if you type: ftp://intFTP:password@ftp.domain.com in IE,
it allows intFTP access regardless of your IP address -- like the
172.16.0.0. restriction is ignored.

I tried making two FTP sites with different IPs on same machine,
pointing to same home directory: one for Anonymous and other userids and
one site just for intFTP with the intFTP Virtual Directory deleted from
original default FTP site and created underthe new intFTP FTP site.
Result: Can still login to default FTP site by typing
ftp://intFTP:password@ftp.domain.com in IE (even from internet with
client IP outside 172.16.0.0. range).

I was surprized that I could login to Default FTP site as intFTP and get
access to the incoming and outgoing folders since the intFTP virtual
directory only existed on the other FTP site.

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Relevant Pages

  • Re: IIS 5, FTP, Different access permissions for different users
    ... with IP restricted 'intftp' login access, ... one thing i guess you don't need is the 'intftp' virtual directory. ... > My objective is to have internal users login> in as intFTP to write to outgoing folder and read ... > original default FTP site and created underthe new intFTP FTP site. ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS 5, FTP, Different access permissions for different users
    ... namely intftp -> 'incoming', right? ... How To Set Up an FTP Site So That Users Log Onto Their Folders ... > I created a Virtual directory pointing to same path as ...
    (microsoft.public.inetserver.iis.security)
  • IIS 5, FTP, Different access permissions for different users
    ... outgoing folder and read from incoming folder, ... I first tried one FTP site Home directory ... with the virtual directory "intFTP" with Directory ...
    (microsoft.public.inetserver.iis.security)
  • Re: ftp virtual folder access
    ... Mode 2 is user isolation with AD integration. ... tested it in normal ftp setup, it does not require logon locally. ... try to log into a ftp site that is using a virtual directory, ...
    (microsoft.public.inetserver.iis.ftp)
  • RE: Cant access FTP sites requiring authentication
    ... FTP site as you mentioned. ... this issue occurs if ISA Server does not send the ... authentication information to the FTP server in the first request. ...
    (microsoft.public.windows.server.sbs)