I have IIS7 and I am using IIS6 ftp to manage my ftp website.
I have the default website and I created under it some virtual directories.
Now what I want to do is to give ftp users access to just one virtual directory i select, and prevent them from reading or writing to any other folders in the Default ftp site.
I don't want them to navigate through the ftp websites, just want them to access their place.
How i can do that in steps?
Answer
You need to implement FTP jailing. An overview:
Create a new folder somewhere, call it DEADEND (or something similar). In IIS, set the FTP root folder to point at this folder
All user folders will actually be located in a different place - so pick another folder for this (hell, use the original ftproot if you like)
Each local user on your server will have the path to their actual folder specified in the Local Path setting of the user account
In IIS, you will create a virtual directory for each user, pointing to their own folder.
So, some details:
Create the users home folder (NOT IN DEADEND), and make sure it matched exactly the users username (eg. d:\data\ftproot\bloggs)
Create the user account, (in this case the username is bloggs, and set the users Local Path setting to his home folder (eg. d:\data\ftproot\bloggs)
Create the virtual directory for the user in the FTP site, setting the alias to be exactly the same as the username (eg. bloggs), and set the path to the users home directory (eg. d:\data\ftproot\bloggs)
Adjust the physical home directory folder permissions (in the security permissions, untick the Full Control option for the user)
When a user they log in, they are taken directly to their home folder (d:\data\ftproot\bloggs). If they manage to break out of their home folder, they are taken to the FTP sites root folder, which is the DEADEND folder you set earlier, which has nothing in it. (I tend to keep a text file in there saying "NAUGHTY!")
No comments:
Post a Comment