15th October 2007

How To Configure FTP User Isolation in IIS 5.0

posted in IIS 5.0 |

Right-click on each folder in turn and grant the appropriate user account Modify permission to their respective folders as shown here

Fig.11

Finally, we need to create an FTP virtual directory for each user such that each user will be dropped into their own home folder when they log in – in IIS 5.0 this is achieved simply by creating an FTP virtual directory which matches the username in question. Right-click the FTP site and click New | Virtual Directory to invoke the Virtual Directory Creation Wizard.

Fig.12

On the Virtual Directory Alias dialog box type an alias which matches an existing FTP user account. In this example I am creating the virtual directory for ftpuser1 so I use ftpuser1 as the Alias.

Fig.13

Click Next and then specify the location of the physical folder for ftpuser1

Fig.14

Click Next and then tick Write permission on the Access Permissions page

Fig.15

Click Next and then click Finish

Fig.16

You have now created the FTP virtual directory for the user account ‘ftpuser1’. Repeat this process for each user account so that each user has their own unique FTP virtual directory.

Fig.17

Now we are ready to test our FTP site and ensure that the ‘User Isolation’ is being properly enforced. In the screenshot below you can see that I have successfully logged in to the FTP site as ftpuser1. When I issue the PWD command you can see that I have been dropped straight into the virtual directory assigned to the ‘ftpuser1’ user account

Fig.18

When I issue the ‘cd ..’ command to navigate up to the root folder you can see that the command is successful. However, as this is an empty folder there is no way that I can browse or even see other user’s folders from here.

You can also see that if I try to upload a file to the root folder I am prevented from doing so and I receive a ‘550 – Access is denied’ error message.

Finally, even if I know the name of another user’s directory and I try to navigate to it I am denied access because the NTFS permissions on the underlying physical folder prevent me from doing so.

So, in summary you can see that it is possible to enforce an effective form of ‘user isolation’ using the IIS 5.0 FTP service. However, it has to be said that it requires a good deal more effort than creating an FTP Site with User Isolation in IIS 6.0

User Isolation is one of the coolest features of IIS 6.0 which you can read about here :

Isolating FTP Users (IIS 6.0)

References :

http://support.microsoft.com/?id=922731

http://support.microsoft.com/?id=201771

Pages: 1 2 3

This entry was posted on Monday, October 15th, 2007 at 12:32 pm and is filed under IIS 5.0. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

There are currently 5 responses to “How To Configure FTP User Isolation in IIS 5.0”

Why not let us know what you think by adding your own comment! Your opinion is as valid as anyone elses, so come on... let us know what you think.

  1. 1 On November 12th, 2008, newbie said:

    can you at least complete the tutorial??

    how can i add a new group?? by saying abrakadabra??

  2. 2 On November 12th, 2008, Paul Lynch said:

    @newbie,

    You don’t need to say ‘abrakadabra’ or anything else in fact – you simply need to read pages 2 and 3 of the article. The links to the 2nd and 3rd pages are at the bottom of the first page.

    Regards,

    Paul Lynch

  3. 3 On December 19th, 2008, Nick Tan said:

    Thanks for the help! I managed to create a secure FTP server for my w2k machine. However, when using fileZilla FTP client, I found out if i navgiate out of my virtual directory folder (example ftpuser1’s folder), I am not able to navigate back. I will be stuck at the ‘ftp content’ folder. I need to disconnect and reconnect to the FTP server which will again bring me to the default virtual directory.

  4. 4 On March 21st, 2010, Paul said:

    Thanks for this, I have followed your instructions and it works beautifully when access from Windows explorer and from the command prompt, however when accessing our ftp site remotely via a web browser it still defaults to the root. Am I missing something?

  5. 5 On March 22nd, 2010, Paul Lynch said:

    @Paul,

    This is probably due a change in the way Internet Explorer works which was introduced in IE7 :

    You cannot log on to an FTP site or you are redirected to the root folder of the FTP site in Internet Explorer 7
    http://support.microsoft.com/Default.aspx?kbid=941896

    I would suggest using a ‘proper’ FTP client instead wherever possible.

    Regards,

    Paul Lynch

Leave a Reply

You must be logged in to post a comment.

  • Calendar

  • December 2017
    M T W T F S S
    « Sep    
     123
    45678910
    11121314151617
    18192021222324
    25262728293031