IIS6 FTP ignores NTFS file permissions?

views:

647

answers:

IIS6 FTP ignores NTFS file permissions?

In an Intranet environment, I have an FTP server set up for publishing files to websites. A user connected to the production FTP server (allowed) to publish files (allowed) then navigated to a folder that was not hers (allowed) then wrote files there (allowed by FTP, but not by NTFS.)

Only Administrators and System have rights to Write to that folder, and she's not an adminstrator through any group.

Does FTP ignore NTFS securities? How did she write to a site to which she only has read access?

Thanks.

IIS should honor NTFS permissions. Without being able to look at your ACLs it is very tempting to suspect that you have your permissions setup wrong. It might be useful if you ran cacls on the directory and posted the results.

Zoredache 2009-01-05 22:08:19

What a dufus. Thanks for the cacls suggestion. BUILTIN\Users:(OI)(CI)RBUILTIN\Users:(CI)(special access:) FILE_APPEND_DATABUILTIN\Users:(CI)(special access:) FILE_WRITE_DATA

codepoke 2009-01-05 22:24:23

What user is the FTP service running as? It may be checking that user's permission instead of the logged in user. I would expect (but do not know for certain) that a Microsoft FTP server (or one tightly integrated with MS proprietary stuff) would act as the user who logged in, but a third-party one probably would access the files as whatever user runs the service (SYSTEM or LOCAL SERVICE?).

rmeador 2009-01-05 22:18:21

ansaurus

tags:

views:

answers:

IIS6 FTP ignores NTFS file permissions?

related questions