Problem
==========
– FTP users were getting access denied.
– You also wanted to configure your website and FTP site so that users can log on to their respective folders.
– No folder listing should be shown to users except their own content folders. You also wanted the right security permissions set for the different FTP sites.
Cause
==========
– Improper configuration for the FTP site.
Resolution
==========
– You had multiple FTP sites (initially 3).
– The FTP site that you were trying to log on to was showing 530 Access Denied.
– We found that “Isolate Users” was set as the FTP user isolation mode for the FTP site.
– Since the site was running in “Isolate Users” mode, we needed to have the right hierarchy of folders created under the FTP root.
The folder structure should be in the following format in “Isolate Users” mode:
a. FTPRoot\LocalUser\<LocalUseraccountname> for local users (“LocalUser” should be the folder name).
b. FTPRoot\<DomainName>\<Domainuseraccountname> for domain users.
c. FTPRoot\LocalUser\Public for anonymous users (“LocalUser” should be the folder name).
– We created this folder structure under the FTP root, and that resolved the 530 Access Denied errors.
– You also wanted the existing Default FTP site to behave so that users who have their folders under the root see only their own folder contents and not the listing of all folders under the FTP root.
– This is not possible by design in FTP unless the user account name is the same as the virtual directory (in other words, the folder) under the FTP site.
– To let users go directly to their respective folders, the virtual directory under the FTP site must have the same name as the username (the username can be a local or domain user account). (point 7)
– We created a new FTP site with the default “Do not isolate users” option. We also created new local user accounts with the same names as the virtual directories under the FTP root.
– Now, if we log on to the FTP site with a user account matching one of the virtual directories, we go straight into that virtual directory without the FTP root level folders being shown to the user (as per point 7).
– If we log on to the FTP site with a user account whose name does not match any of the virtual directories under the FTP root, we are shown all the folders (or virtual directories) in the FTP root.
– You wanted to secure the individual FTP virtual directories from being accessed by users other than their owners.
– We set the necessary NTFS permissions on all the folders under the FTP root, depending upon the requirements.
In our case:
– Domain and local Administrators have full rights on the folder.
– The user account that owns a virtual directory (here, the user account whose name matches the name of the virtual directory under the FTP root) has the required permissions on the folder (Read & Execute, Write, Modify and List Folder Contents).
– Once we gave the necessary permissions to the different directories under the FTP root, we tested them from the command prompt.
The commands that we tried are:
FTP> DIR (this should show the current user's default directory listing)
FTP> CD .. (to go one level up the hierarchy, i.e. to the root path of the FTP site; note the space between CD and “..”)
FTP> CD <some other folder for a different user under the FTP site> (it showed us “error: access is denied”)
– This confirms that even if a user can see other folder listings, s/he won’t be able to access the contents without having the required privileges.
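The NTFS lock-down and check described above can be scripted. The following PowerShell is an added example, not part of the original write-up; the FTP root path, the account names, and the use of local accounts with physical folders directly under the root are assumptions.

```powershell
# Added example. $FtpRoot and $Users are assumed values, not from the write-up.
$FtpRoot = 'D:\FTPRoot'          # assumed FTP root path
$Users   = 'alice', 'bob'        # assumed local accounts; folder name = account name
$Admins  = 'BUILTIN\Administrators'

foreach ($u in $Users) {
    $dir   = Join-Path $FtpRoot $u
    $owner = "${env:COMPUTERNAME}\${u}"
    New-Item -ItemType Directory -Path $dir -Force | Out-Null

    # Grant explicit rights first (F = Full control, M = Modify, which covers
    # Read & Execute, Write and List Folder Contents), then remove inherited
    # ACEs so nothing granted on the FTP root flows down into the user's folder.
    icacls $dir /grant:r "${Admins}:(OI)(CI)F" "${owner}:(OI)(CI)M" | Out-Null
    icacls $dir /inheritance:r | Out-Null
}

# Audit: list every ACE on a user folder that belongs to anyone other than
# Administrators or the account the folder is named after.
$unexpected = foreach ($folder in Get-ChildItem -Path $FtpRoot -Directory) {
    $allowed = $Admins, "${env:COMPUTERNAME}\$($folder.Name)"
    foreach ($ace in (Get-Acl -Path $folder.FullName).Access) {
        if ($ace.IdentityReference.Value -notin $allowed) {
            [pscustomobject]@{
                Folder    = $folder.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($unexpected) { $unexpected | Format-Table -AutoSize }
else { Write-Output 'No unexpected principals on the user folders.' }
```

For domain accounts, replace the computer name prefix with the domain name in both the grant and the audit.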









