[Dshield] FTP Site

Kelly Martin kellym at fb00.fb.org
Thu Nov 29 17:25:08 GMT 2001


I would disagree with your complaints about NTFS security.  NTFS security is
far more versatile and useful than Unix file system security (which is
really quite primitive and actually very difficult to use for anything more
complex than keeping people out of each other's home directories).
Admittedly, IIS has problems, but you should be able to create a write-only
upload directory in IIS by allowing write and denying read in IIS, and
setting appropriate NTFS permissions for the IUSR_* account.  (Caveat: I've
never tried this.)

Kelly

> -----Original Message-----
> From:	Paul Clarke [SMTP:paulclarke at clarkeworks.com]
> Sent:	Thursday, November 29, 2001 6:48 AM
> To:	dshield list
> Subject:	[Dshield] FTP Site
> 
> In a message Sean said:
> 
> I wanted open (e.g. anonymous) access for the DOWNLOAD for convenience -
> but
> no download from the UPLOAD.
> 
> There are some complications in Windows NT/2000 NTFS permissions that make
> it difficult to allow directory viewing but not file reading (at least I
> had
> difficulty making that work smoothly with a "inherited" right to "write"
> allowed by IIS5 and a "deny" read set in NTFS security).  I'm certain your
> right about the settings it's just that I couldn't find a comfortable
> combination with the complexity of IIS5's security and NTFS permissions
> adding "inheritance" into the mix.  My old brain just froze :>
> 
> Perhaps I should trash the "windoze" server and go with a Linux box.
> 
> That should get the advice flowing :>
> 
> Thanks for the reply.
> 
> Paul
> 
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www1.dshield.org/mailman/listinfo/dshield




More information about the list mailing list