
Saturday, June 16, 2012

Hosting Multiple FTP Sites with FTP User Isolation (IIS 6.0)

How to chroot FTP users in IIS 6.0?
How to jail FTP users in IIS 6.0?


Here is the answer.


IIS 6.0 offers three user-isolation modes for an FTP site:

a) Do not isolate users - FTP user isolation is disabled and the site behaves like earlier versions of IIS: every user starts in the same site home directory.

b) Isolate users - Users are authenticated against local or domain accounts before they can reach the home directory that matches their user name. All user home directories sit in a directory structure under a single FTP root directory, and each user is placed in, and restricted to, his or her own home directory. Users cannot navigate out of their home directory.

c) Isolate users using Active Directory - User credentials are authenticated against a designated Active Directory container rather than by searching the entire directory, which would take far more processing time. Specific FTP server instances can be dedicated to each customer to keep their data separate.

You select the isolation mode during FTP site setup in the FTP Site Creation Wizard. You can also configure FTP user isolation from the command line with Iisftp.vbs, using the /isolation parameter: specify AD for Active Directory isolation or Local for local isolation. If you omit the /isolation parameter, the site does not isolate users.

Note: This article focuses on mode (b), Isolate users.

To create a new FTP site that isolates users
1. In IIS Manager, expand the local computer, right-click the FTP Sites folder, point to New, and click FTP Site.
2. Provide the required information in the FTP Site Description and IP Address and Port Settings dialog boxes, and click Next.
3. In the FTP User Isolation dialog box, click Isolate users, and click Next.
4. In the Path box, type or browse to the directory that contains, or will contain, the site content, and click Next.
5. Select the check boxes for the FTP site access permissions you want to assign to your users, and click Next.
6. Click Finish.


To create the FTP root and user folders
If users of the local computer log in with their individual account user names, create a subdirectory named LocalUser under the FTP site root directory you specified when you created the FTP site.
For example -
FTP root directory -> D:\MyFTP\
LocalUser is located at D:\MyFTP\LocalUser

For each individual user, create a folder in the format LocalUser\username (the folder name must match the account name exactly).
User: Susan is located at D:\MyFTP\LocalUser\Susan

If users of different domains log on with their explicit domain\username credentials, create a subdirectory for each domain, named after the domain, under the FTP site root directory you specified when you created the FTP site.
For example -
Domain name: Account
FTP root directory -> D:\MyFTP\
The domain folder is located at D:\MyFTP\Account

For each individual domain user, create a folder in the format Domain\username.
Domain user: Nancy is located at D:\MyFTP\Account\Nancy


Anonymous access in isolated ftp site
If anonymous access is allowed, create the subdirectories LocalUser and LocalUser\Public under the FTP site home directory. Anonymous sessions are placed in LocalUser\Public; keep that folder read-only at the NTFS level unless you deliberately want an anonymous upload area.


Note: All user home directories are in a directory structure under a single FTP root directory where each user is placed and restricted to their home directory. Users are not permitted to navigate out of their home directory. If users need access to dedicated shared folders, you can also establish a virtual root. Isolation only restricts navigation inside the FTP session; the FTP service impersonates the logged-on user, so NTFS permissions on each home directory still decide what that user can read or write, and you should grant each home folder to its owner (plus administrators) only rather than relying on isolation alone. Also keep in mind that the IIS 6.0 FTP service does not support FTP over SSL/TLS, so these account credentials cross the network in clear text.
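The whole procedure above (folder layout for local, domain and anonymous users, per-folder NTFS permissions, and creating the site in Local isolation mode with Iisftp.vbs) as one script. This is an added example, not code from the original post: the root path, site name, port, user and domain names are illustrative assumptions, it uses icacls (present on Windows Server 2003 SP2 and later) and the IIS 6.0 anonymous account naming convention IUSR_<computername>, and it must be run from an elevated session on the FTP server.

```powershell
# Added example (not from the original post). Builds the directory layout that
# IIS 6.0 "Isolate users" (Local) mode expects, restricts each home folder with
# NTFS ACLs, and creates the FTP site with Iisftp.vbs.
# Assumptions: root path, site name, port, users and domain below are illustrative;
# icacls is available; IIS 6.0 anonymous account is IUSR_<computername>.

$FtpRoot        = 'D:\MyFTP'
$SiteName       = 'IsolatedFtp'
$Port           = 21
$LocalUsers     = @('Susan')                   # -> LocalUser\<username>
$DomainUsers    = @{ 'Account' = @('Nancy') }  # -> <Domain>\<username>
$AllowAnonymous = $true                        # -> LocalUser\Public
$AnonAccount    = "IUSR_$env:COMPUTERNAME"     # IIS 6.0 anonymous identity

$AdminAces = @('BUILTIN\Administrators:(OI)(CI)F', 'NT AUTHORITY\SYSTEM:(OI)(CI)F')

function New-ContainerFolder {
    param([string]$Path)
    # Root/LocalUser/<Domain> containers: authenticated users may list them on the
    # way to their own home, but nobody except admins can write here.
    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    & icacls $Path /inheritance:r /grant:r ($AdminAces + 'NT AUTHORITY\Authenticated Users:(CI)RX') | Out-Null
}

function New-HomeFolder {
    param([string]$Path, [string]$Principal, [string]$Rights = 'M')
    # Drop inherited ACEs so other users who can read the root cannot read this
    # home, then grant only the owning principal (Modify by default).
    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    & icacls $Path /inheritance:r /grant:r ($AdminAces + "${Principal}:(OI)(CI)$Rights") | Out-Null
}

New-ContainerFolder -Path $FtpRoot
New-ContainerFolder -Path (Join-Path $FtpRoot 'LocalUser')

# Local accounts: D:\MyFTP\LocalUser\<username>
foreach ($u in $LocalUsers) {
    New-HomeFolder -Path (Join-Path $FtpRoot "LocalUser\$u") -Principal "$env:COMPUTERNAME\$u"
}

# Domain accounts: D:\MyFTP\<Domain>\<username>; folder name must match the domain
# name the user types at logon (Domain\username).
foreach ($domain in $DomainUsers.Keys) {
    $container = Join-Path $FtpRoot $domain
    New-ContainerFolder -Path $container
    foreach ($u in $DomainUsers[$domain]) {
        New-HomeFolder -Path (Join-Path $container $u) -Principal "$domain\$u"
    }
}

# Anonymous sessions land in LocalUser\Public; grant the anonymous account
# read/execute only so the folder cannot become an anonymous upload drop.
if ($AllowAnonymous) {
    New-HomeFolder -Path (Join-Path $FtpRoot 'LocalUser\Public') `
                   -Principal "$env:COMPUTERNAME\$AnonAccount" -Rights 'RX'
}

# Create the site in Local isolation mode. Without /isolation the site would
# not isolate users at all (mode a).
& cscript //nologo "$env:SystemRoot\System32\iisftp.vbs" /create $FtpRoot $SiteName /b $Port /isolation Local
```

After the script runs, log in over FTP as Susan and try `cd ..` or `cd /LocalUser/Public`: the isolated session stays in her home, and the NTFS ACLs mean she has no rights on the other home folders even outside FTP.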