Monday, August 3, 2009

Setting up Microsoft FTP Correctly

For years I have shied away from using Microsoft FTP on an IIS server because I felt that it was not secure enough. Well folks, there was one thing I did not know, and really, it was not for lack of searching. If Microsoft had a good article on it, then I did not find it. That was a real BYTE!

Here is what I knew: virtualDirectory = user's name, so that always worked for me. But since you had to give "list" rights to all in the FTP site (this is because I only used one IP address; if you can give one IP to each FTP site then it is not an issue, but who can do that?), a user could always go up to the root and see all the virtual directories for everybody else. I showed this to an ISP who really did not know about this. To my knowledge they never fixed it. Big, big problem.

1. Each user has an account on the server, like: usera, userb, userc

2. Each domain has its own folder, and the users have rights on their own folders, set with NTFS permissions:

useradomain.com = c:\domains\usera-domainname
userbdomain.com = c:\domains\userb-domainname
usercdomain.com = c:\domains\userc-domainname

3. You then set up a new virtual directory for each user under the FTP site naming the virtual directory with the same name as the "username", and of course point them to the actual directory.

4. Here is the key I did not know: It seems like the whole key is to set the "Default" directory to go nowhere. What I mean is, create a folder somewhere on the drive, call it "deadend", "blackhole", "abyss", or whatever, and give everyone "list" rights. Point the "Default" folder for the FTP site to it. That is it.
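The layout in steps 1-4 only isolates users if the NTFS permissions actually match it, so here is an added audit script (not part of the original post) that checks the file-system side. The dead-end folder path and the account-to-folder mapping are assumptions built from the post's sample names.

```powershell
# Added example: audits the NTFS side of the layout from steps 1-4.
# $deadEnd and the mapping below are assumed values using the post's sample names.
$deadEnd = 'C:\ftp\deadend'
$folders = @{
    usera = 'C:\domains\usera-domainname'
    userb = 'C:\domains\userb-domainname'
    userc = 'C:\domains\userc-domainname'
}
# Broad groups that would let any FTP user into another customer's folder.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

function Test-FtpIsolation {
    param([string]$DeadEnd, [hashtable]$Folders, [string[]]$Broad)
    $findings = @()
    $write = [int][System.Security.AccessControl.FileSystemRights]::Write

    # The default folder is listable by every user, so it must hold nothing.
    if (Get-ChildItem -LiteralPath $DeadEnd -Force) {
        $findings += "Dead-end folder $DeadEnd is not empty"
    }
    # "List" rights only: a broad group must not be able to write there.
    foreach ($ace in (Get-Acl -LiteralPath $DeadEnd).Access) {
        $canWrite = ([int]$ace.FileSystemRights -band $write) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and
            $Broad -contains $ace.IdentityReference.Value) {
            $findings += "${DeadEnd}: $($ace.IdentityReference.Value) can write"
        }
    }
    # Each content folder: no Allow entry for another FTP user or a broad group.
    foreach ($owner in $Folders.Keys) {
        foreach ($ace in (Get-Acl -LiteralPath $Folders[$owner]).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $who     = $ace.IdentityReference.Value
            $account = ($who -split '\\')[-1]      # strip MACHINE\ or DOMAIN\
            $isOtherUser = $Folders.ContainsKey($account) -and $account -ne $owner
            if ($isOtherUser -or $Broad -contains $who) {
                $findings += "$($Folders[$owner]): $who has $($ace.FileSystemRights)"
            }
        }
    }
    $findings   # an empty result means no problems were found
}

Test-FtpIsolation -DeadEnd $deadEnd -Folders $folders -Broad $broad
```

The script reads ACLs only and does not inspect the FTP site's virtual-directory configuration, so the mapping in step 3 still needs to be checked in IIS itself.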

So now I have multiple domains, each with a separate user logging in to upload their web files, and none of them can "escape" back to the top and see the rest of the domains. Pretty cool. Fairly secure, and all with the built-in stuff and not having to use separate FTP software. Next on my list as far as FTP: Microsoft Secure FTP. What a concept!

The best article I found explaining that last piece of the puzzle for me is here. Thanks for the article guys. I really appreciate it and love sending some of my readers over to you. Keep up the good work so we can Byte back at Technology.

Delco
