Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsWindows Server 2003Windows 2000Windows NTSmall Business ServerVirtual ServerExchange ServerIISHost Integration ServerISA ServerSMSWSUSMOMWindows Media ServerSecurityCertification
Related Topics
SQL ServerMS WindowsMS OfficePC HardwareMore Topics ...
Windows Server Forum / IIS / FTP / June 2006

Tip: Looking for answers? Try searching our database.

How secure is ftp user isolation on XP SP2

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Thomas Jespersen - 27 Jun 2006 09:56 GMT
Hi

I have a XP with SP2 running FTP.

By accident I discovered that if I create a user and a folder in the root of
the FTP site, with the exact same name, that folder becomes the root of the
user.

After a bit or Googling, I found that this is called "FTP User Isolation".
But I can't find any documentation on this working for XP SP2. but it seams
to work!

I would like to be confirmed that this feature ensures that 2 users under no
circumstances are able to access each others files (as long as the folder
for the user exists). Is that correct?

Thomas
Reply to this Message
Chris Crowe [MVP 1997 -> 2006] - 27 Jun 2006 19:18 GMT
I do not beleive that this is called FTP User isolation more User Home
Folders.

On Windows XP SP2 - your users will be able to cd \ and go back to the root
of the FTP Site and then change into other folders by default.

On Windows 2003 Server you can isolate users to their own FTP folders as
dicsussed in the June 2006 IIS Insider article I wrote.

http://www.microsoft.com/technet/community/columns/insider/default.mspx

Signature

Cheers

Chris Crowe [IIS MVP 1997 -> 2006]
http://blog.crowe.co.nz
------------------------------------------------

> Hi
>
[quoted text clipped - 13 lines]
>
> Thomas
Reply to this Message
Thomas Jespersen - 30 Jun 2006 00:07 GMT
Hi Chris and Jeff

OK... thanks for the answers.

I won't use this as a security thing then.

Thomas

>I do not beleive that this is called FTP User isolation more User Home
>Folders.
[quoted text clipped - 24 lines]
>>
>> Thomas
Reply to this Message
Jeff Cochran - 27 Jun 2006 21:29 GMT
>Hi
>
[quoted text clipped - 11 lines]
>circumstances are able to access each others files (as long as the folder
>for the user exists). Is that correct?

It's not user isolation, it's a simple mapping of the home directory.
And it has nothing to do with security in any manner.  That's what
NTFS permissions are for.

Jeff
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2010 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.