RE: IIS 6 FTP

["Tyler, Grayling" <ggtyler () foodlion com>]

Thanks to all who responded to the questions.  I've found that rebooting
the server after making a permissions change causes the settings to work
as expected.  This leads me to believe that the settings are cached
someplace (Meta store perhaps?).  I hope to get some of that
mythological "free time" I keep hearing people talk about so I can test
this theory further (perhaps stopping and starting the FTP service will
suffice for a reboot or some other buried setting dictating how long
between Meta refreshes).

Thanks to all

-----Message d'origine-----
De : Tyler, Grayling [mailto:ggtyler () foodlion com]
Envoye : October 08, 2004 13:00
A : security-basics () securityfocus com
Objet : IIS 6 FTP


Couple of questions for the list.

1. I set up an non-isolation mode FTP site using a Virtual directory on
the server. I configured permissions using two groups:
Group       NTFS settings
FTP_Read  Read & Execute, List Folder Contents, Read with Write set to
Deny
FTP_Write Modify, Read & Execute, List Folder Contents, Read and Write

The FTP site is configured to allow read and write and anonymous access
is turned off (basic authentication)

When I log in as the user with Write permissions, it works as expected
However, when I log in as the read only user, the user is allowed both
read and write files.  The only thing the account is limited from doing
is writing over or deleting a file loaded by the Write FTP user.

So what am I missing here?

2. Any one know how to turn off the FTP server identification string on
IIS?

Thanks all
************************************************************************
**
This electronic message may contain confidential or privileged
information
and is intended for the individual or entity named above.  If you are
not the intended recipient, be aware that any disclosure, copying,
distribution or use of the contents of this information is prohibited.
If you have received this electronic transmission in error, please
notify
the sender immediately by using the e-mail address or by telephone
(704-633-8250).
************************************************************************
**

**************************************************************************
This electronic message may contain confidential or privileged information
and is intended for the individual or entity named above.  If you are 
not the intended recipient, be aware that any disclosure, copying, 
distribution or use of the contents of this information is prohibited. 
If you have received this electronic transmission in error, please notify 
the sender immediately by using the e-mail address or by telephone
(704-633-8250).
**************************************************************************