Separate Anonymous Access User to prevent FTP browsing?

TheMSsForum.com: The Microsoft Software Forum

I have several virtual webs running in the same FTP root folder. Users
update their sites via FTP using accounts that have the folder name (to dump
them there) and write access to only their own folder tree.

With this setup, a user can authenticate with their FTP account, browse from
their folder to the FTP server root and back down to other FTP based web
sites to view and list files. Though files are read only at that point,
some users consider it a security problem as they tend to have web pages
that are not "published" (linked to) or leave things in their sites they
don't want others reading. (The security by obscurity model.) This occurs
even if the virtual WWW web requires a password for HTTP access.

This behavior seems to be the norm among FTP web sites sharing the same IP
on IIS.

Despite being instructed that all files in a web server are publicly
available and they should take pains to make sure information does not leak
out that way, the users still complain about it.

I was looking at the "anonymous user access" feature and wondered if the
following plan is feasable:

- Make an account used to edit the FTP site (folder) for each user to edit
with read/write access.

- Point the WWW virtual web at that same folder.

- Make a new account and add it to the "anonymous user access" account for
that virtual web, then give that account read only access to the folder tree
that contains that web.

The net effect should be there are no shared accounts with even "read"
access to other folders in this directory tree under the root of the FTP
server (i.e. webmasters can't browse each other's sites).

Has anybody done this and obtained the proper result? (i.e. no browsing
across FTP webs)

I do not mind the extra steps to go through to do the task, but do not want
to mess up the permissions on a live web server without a little background
to get started with.

Thanks!
Top

Re: Separate Anonymous Access User to prevent FTP browsing? by Lou

Lou
Sat Feb 21 09:05:01 CST 2004

All you need to do is remove NTFS permissions.

For example user1 goes into user1 dir. But user2 goes into user2 dir. If
you make sure that user1 has no NTFS permissions on user2's dir then they
will not be able to get access.

"Sparky Polastri" <jafiwam@MuNGEDyahoo.com> wrote in message
news:40368888$1_3@newspeer2.tds.net...
>
> I have several virtual webs running in the same FTP root folder. Users
> update their sites via FTP using accounts that have the folder name (to
dump
> them there) and write access to only their own folder tree.
>
> With this setup, a user can authenticate with their FTP account, browse
from
> their folder to the FTP server root and back down to other FTP based web
> sites to view and list files. Though files are read only at that point,
> some users consider it a security problem as they tend to have web pages
> that are not "published" (linked to) or leave things in their sites they
> don't want others reading. (The security by obscurity model.) This
occurs
> even if the virtual WWW web requires a password for HTTP access.
>
> This behavior seems to be the norm among FTP web sites sharing the same IP
> on IIS.
>
> Despite being instructed that all files in a web server are publicly
> available and they should take pains to make sure information does not
leak
> out that way, the users still complain about it.
>
> I was looking at the "anonymous user access" feature and wondered if the
> following plan is feasable:
>
> - Make an account used to edit the FTP site (folder) for each user to edit
> with read/write access.
>
> - Point the WWW virtual web at that same folder.
>
> - Make a new account and add it to the "anonymous user access" account for
> that virtual web, then give that account read only access to the folder
tree
> that contains that web.
>
> The net effect should be there are no shared accounts with even "read"
> access to other folders in this directory tree under the root of the FTP
> server (i.e. webmasters can't browse each other's sites).
>
> Has anybody done this and obtained the proper result? (i.e. no browsing
> across FTP webs)
>
> I do not mind the extra steps to go through to do the task, but do not
want
> to mess up the permissions on a live web server without a little
background
> to get started with.
>
> Thanks!
>
>


Top

Re: Separate Anonymous Access User to prevent FTP browsing? by JabberSmith

JabberSmith
Sat Feb 21 09:41:39 CST 2004

Thanks for the input, but that part is done and the problem persists.

The problem is the same box also has FP extensions and FP webs on it. Any
user (Browser access or above) can log in via FTP with IE, and browse the
folders of all the FTP webs even though they are different roots.

I think the issue is not the folder level permissions (NTFS seems to keep
people from writing where they shouldn't OK.) but an IIS issue where one
user is not distinguished as someone intended for FTP rather than FrontPage
stuff. The FTP just has "authenticated user" as the browse function, rather
than "particular authenticated user gets this directory tree" as the browse
function.

So I am looking for a solution to keep people from even seeing stuff they do
not have write access to as well, the FTP server does not distinquish... so
if the NTFS is set for read/write (allowing the user to edit and view via
FTP but not open other folders off the root) and the virtual web has it's
individual anonymous access user that manages the HTTP traffic. The virtual
web then cant allow it's "Browser" users to access to the other directory
trees because IIS itself doesnt have access to them (from that vitual web).

Since I have thought about it so much, I might as well spend some time
making a vitual web to try it out. I'll post when results are in so Google
can pick it up.

"Lou Prete" <Louis_Prete@hotmail.com> wrote in message
news:udSQVwI%23DHA.340@tk2msftngp13.phx.gbl...
> All you need to do is remove NTFS permissions.
>
> For example user1 goes into user1 dir. But user2 goes into user2 dir. If
> you make sure that user1 has no NTFS permissions on user2's dir then they
> will not be able to get access.
>
> "Sparky Polastri" <jafiwam@MuNGEDyahoo.com> wrote in message
> news:40368888$1_3@newspeer2.tds.net...
> >
> > I have several virtual webs running in the same FTP root folder. Users
> > update their sites via FTP using accounts that have the folder name (to
> dump
> > them there) and write access to only their own folder tree.
> >
> > With this setup, a user can authenticate with their FTP account, browse
> from
> > their folder to the FTP server root and back down to other FTP based web
> > sites to view and list files. Though files are read only at that point,
> > some users consider it a security problem as they tend to have web pages
> > that are not "published" (linked to) or leave things in their sites they
> > don't want others reading. (The security by obscurity model.) This
> occurs
> > even if the virtual WWW web requires a password for HTTP access.
> >
> > This behavior seems to be the norm among FTP web sites sharing the same
IP
> > on IIS.
> >
> > Despite being instructed that all files in a web server are publicly
> > available and they should take pains to make sure information does not
> leak
> > out that way, the users still complain about it.
> >
> > I was looking at the "anonymous user access" feature and wondered if
the
> > following plan is feasable:
> >
> > - Make an account used to edit the FTP site (folder) for each user to
edit
> > with read/write access.
> >
> > - Point the WWW virtual web at that same folder.
> >
> > - Make a new account and add it to the "anonymous user access" account
for
> > that virtual web, then give that account read only access to the folder
> tree
> > that contains that web.
> >
> > The net effect should be there are no shared accounts with even "read"
> > access to other folders in this directory tree under the root of the FTP
> > server (i.e. webmasters can't browse each other's sites).
> >
> > Has anybody done this and obtained the proper result? (i.e. no browsing
> > across FTP webs)
> >
> > I do not mind the extra steps to go through to do the task, but do not
> want
> > to mess up the permissions on a live web server without a little
> background
> > to get started with.
> >
> > Thanks!
> >
> >
>
>


Top