IIS6 FTP ignores NTFS file permissions?

Question

IIS6 FTP ignores NTFS file permissions?

In an Intranet environment, I have an FTP server installed to publish files to websites. A user connected to a production FTP server (allowed) to publish files (allowed) then navigated to a folder that did not belong to her (allowed), then wrote files there (FTP allowed but not NTFS.)

Only administrators and the system have write rights to this folder, and it is not the administrator of any group.

Does FTP ignore NTFS securities? How did she write the site she only read access to?

Thank.

0

iis ftp ntfs

codepoke 05 jan. At 10:02 pm

source to share

2 answers

What kind of user does the FTP service run? Perhaps it is checking this custom permission instead of the logged in user. I would expect (but don’t know for sure) that a Microsoft FTP server (or one that is tightly integrated with the proprietary MS stuff) would act like the user who is logged in, but a third party might be able to access the files like anyone else to the user a service (SYSTEM or LOCAL SERVICE?).

0

rmeador 05 jan. '09 at 22:18

source to share

Zoredache · Accepted Answer · 2009-01-05T22:08:19+0000

IIS must respect NTFS permissions. Without being able to look at your ACLs, it is very tempting to suspect that you have misconfigured permissions. This can be useful if you run cacls on a directory and publish the results.

IIS6 FTP ignores NTFS file permissions?

More articles: