Trouble creating FTP in Server 2008
Solution 1:
I will describe how I do an isolated setup of an FTP server. This works fine for our needs (1 (or more) user per website). I understand that there may be a much better/quicker/more secure setup, but that is what I have been using all the time without any issues so far (keep in mind -- I'm a programmer and not a pro admin, and will be grateful for any comments and advice).
1. Create new user: IUSR_ftpacc (will be used to run app pool).
   - Set "Deny this user permissions to log on to Terminal Services"
   - Member Of: remove "Users"; add "IIS_IUSRS"
2. Create new user(s) that will be used to access FTP service: e.g. ftpuser
   - Set "Deny this user permissions to log on to Terminal Services"
   - Member Of: I always remove "Users" and add "FTP" group (which you have to create separately -- all users in FTP group will be allowed to use FTP later)
3. Create folder for FTP: D:\websites\FTP and grant Read & Execute right to this folder.
4. Create 2 subfolders: "localuser" (for user folders -- must be this name) and "logs" (for logs).
5. Create individual folders inside D:\websites\FTP\localuser for each FTP account (folder must match user account): e.g. ftpuser, and grant Modify permission.
6. Open IIS Manager and create new Application Pool: FTPServiceApp. Advanced Settings -> Identity -- set it up to use IUSR_ftpacc account.
7. Sites -> Add FTP Site..
   - FTP site name: FTP
   - Physical path: D:\websites\FTP
   - Authentication: Basic
   - Allow access to: Specified roles or user groups; FTP (the group mentioned in #2)
   - Permissions: Read & Write
8. Select newly created FTP site -> Actions -> Basic Settings: Change Application Pool to the one created at #6 (FTPServiceApp). If all is set up properly you will see 2 green marks when clicking "Test Settings.." button. "Connect as.." should have "Application user (pass-through authentication)" selected by default.
9. FTP User Isolation -- I'm always choosing "User name physical directory".
10. The "FTP Authorisation Rules" should be configured already (from wizard step). "FTP Logging" -- set to write logs into D:\websites\FTP\logs folder.
If I need a user to access some website (which is located in D:\websites\mywebsite, for example), I create a symlink (or directory junction) instead of a folder at step #5.
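
An added example, not part of the original answer: a PowerShell check, run on the server, that each folder under `localuser` from step 5 grants Modify to the local account of the same name and to no broad group, and that flags junctions or symlinks. It assumes local (non-domain) accounts and the paths used above; the function name and the list of broad principals are assumptions.

```powershell
# Added example. Paths are the ones used in the answer; accounts are assumed to be local.
$userRoot = 'D:\websites\FTP\localuser'
# Assumed policy: these broad principals should not hold Modify on a per-user folder.
$broad   = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$modify  = [System.Security.AccessControl.FileSystemRights]::Modify
$reparse = [System.IO.FileAttributes]::ReparsePoint

# Hypothetical helper: inspects one per-user folder and returns a summary object.
function Test-FtpUserFolder {
    param([System.IO.DirectoryInfo]$Folder)

    # Step 5: the folder name must match the FTP account name.
    $account = "$env:COMPUTERNAME\$($Folder.Name)"
    $ownerHasModify = $false
    $broadWriters = @()

    foreach ($rule in (Get-Acl -Path $Folder.FullName).Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # FullControl contains every Modify bit, so it is counted as well.
        if (($rule.FileSystemRights -band $modify) -ne $modify) { continue }
        $id = $rule.IdentityReference.Value
        if ($id -ieq $account)    { $ownerHasModify = $true }
        if ($broad -contains $id) { $broadWriters += $id }
    }

    New-Object PSObject -Property @{
        Folder         = $Folder.Name
        OwnerHasModify = $ownerHasModify
        BroadWriters   = ($broadWriters -join ', ')
        # A junction or symlink (last paragraph of the answer) leads outside the
        # FTP root; review the ACL of its target as well.
        IsReparsePoint = [bool]($Folder.Attributes -band $reparse)
    }
}

Get-ChildItem -Path $userRoot |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { Test-FtpUserFolder -Folder $_ } |
    Select-Object Folder, OwnerHasModify, BroadWriters, IsReparsePoint |
    Format-Table -AutoSize
```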