Re: IIS 5, FTP, Different access permissions for different users
From: BB (Bernard_at_3exp.com)
From: "BB" <Bernard_at_3exp.com> Date: Wed, 26 Mar 2003 10:54:17 +0800
Ok. not sure if I got you right this time.
Say, you have 2 folders. outgoing and incoming
both under E:\inetpub\ftproot\
and you want to have anonymous access together
with IP restricted 'intftp' login access, right ?
anonymous and intftp access write is different, like
Ok. in this case, in your first try you are doing this correctly.
because you have both user's NTFS permission correctly figured out.
one thing i guess you don't need is the 'intftp' virtual directory.
what you need is to create 2 ftp sites.
say site1 -> anonymous access -> e:\inetpub\ftproot\
this site restrict only that is NOT from 172.16.x.x and use anonymous
site2 -> intftp access -> e:\inetpub\ftproot\
this site only ALLOW login from network coming from 172.16.x.x and need
I believe you got the permission setup correctly, it's only
the ftp IP restriction and the authentication.
IP restriction will work if you configure correctly.
side note: the above can be done using one site too. e.g. with 2
different virtual directory serve as the access channel when user
coming. same concept but using virtual directory method.
-- Regards, Bernard Cheah http://support.microsoft.com/ "David Elliott" <email@example.com> wrote in message news:ueEg6us8CHA.1740@TK2MSFTNGP12.phx.gbl... > BB, > > Thanks for answering so quickly. > > My objective is to have internal users (IPs on 172.16.0.0 subnet) login > in as intFTP ("internal FTP user") to write to outgoing folder and read > from incoming folder, and allow anonymous users (from anywhere) to read > from outgoing folder and write-only to incoming folder. > > I first tried one FTP site (Default FTP) Home directory > E:\inetpub\ftproot containing outgoing and incoming folders (permissions > set at NTFS level -- seems to work) with the virtual directory "intFTP" > with Directory Security configured to deny access to all except > 172.16.0.0 submask 255.255.0.0 also pointing to same path. > Result: Anonymous users get correct permissions. IntFTP users get > correct permissions. > > Problem is that if you type: ftp://intFTP:firstname.lastname@example.org in IE, > it allows intFTP access regardless of your IP address -- like the > 172.16.0.0. restriction is ignored. > > I tried making two FTP sites with different IPs on same machine, > pointing to same home directory: one for Anonymous and other userids and > one site just for intFTP with the intFTP Virtual Directory deleted from > original default FTP site and created underthe new intFTP FTP site. > Result: Can still login to default FTP site by typing > ftp://intFTP:email@example.com in IE (even from internet with > client IP outside 172.16.0.0. range). > > I was surprized that I could login to Default FTP site as intFTP and get > access to the incoming and outgoing folders since the intFTP virtual > directory only existed on the other FTP site. > > > > *** Sent via Developersdex http://www.developersdex.com *** > Don't just participate in USENET...get rewarded for it!