set "FTP Authorization Rules" on virtualdirectory

This topic contains 4 replies, has 4 voices, and was last updated by Profile photo of ragnar ragnar 3 months ago.

  • Author
    Posts
  • #14357
    Profile photo of tw h
    tw h
    Participant

    I am trying to automate the creation of user ftp directories on IIS7 (w2008R2).
    The desired stucture is like:
    -ftp root (Allow "ftp users" Read)
    -usera (virtual folder,Allow "usera" Read,Write)
    -userb (virtual folder,Allow "userb" Read,Write)
    -userc (virtual folder,Allow "userc" Read,Write)
    I am almost there, except the setting of authorization is not working. Just the user needs to have read,write rights in its own ftp directory, not every "ftp user" read.
    In the GUI, I have to remove the inhereted right from "ftp root" (Allow "ftp users" Read), and add Allow Rule for the user with Read,Write. How can I script this ?
    I thought something like this:
    add-webconfiguration "/system.ftpServer/security/authorization" -value (@{accessType="Allow";users="usera";permissions="Read,Write"}) -PSPath "IIS:\sites\ftp root" -location usera
    But it complains about some filename......????
    Add-WebConfiguration : Filename:
    Error: This configuration section cannot be used at this path. This happens when the section is locked at a parent leve
    l. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="De
    ny" or the legacy allowOverride="false".

    I read somewhere that I cannot use set-webconfiguration.
    How can I set the correct right on the virtual ftp directory ?

  • #14387
    Profile photo of Vern Anderson
    Vern Anderson
    Participant

    Have you tried to stop the FTP site before running your commands?

    Maybe IIS has the config locked for writing.

  • #14398
    Profile photo of tw h
    tw h
    Participant

    Thanks Vern for your input, but I solved it in a strange way:
    Experimenting with appcmd, I found the 2 commands to accomplish it:
    C:\windows\system32\inetsrv\appcmd.exe set config "ftp root/usera" -section:system.ftpServer/security/authorization /+"[accessType='Allow',users='usera',roles='*',permissions='Read,Write']" /commit:apphost
    C:\windows\system32\inetsrv\appcmd.exe set config "ftp root/usera" -section:system.ftpServer/security/authorization /-"[accessType='Allow',users=",roles='ftp users',permissions='Read']" /commit:apphost
    Found on the internet how to add some config to IIS with powershell:
    Add-WebConfiguration "/system.ftpServer/security/authorization" -value @{accessType='Allow';users='usera';roles=";permissions='Read, Write'} -PSPath "iis:\" -location "ftp root/usera"
    In the get-help add-webconfiguration, there is a reference to remove-webconfiguration, but this command does not exist, so I changed it to "set-webconfiguration", which deletes the inherited rights, and sets the user-rights. GREAT !
    Solution:
    Set-WebConfiguration "/system.ftpServer/security/authorization" -value @{accessType='Allow';users='usera';roles=";permissions='Read, Write'} -PSPath "iis:\" -location "ftp root/usera"

  • #45463
    Profile photo of zerocool18
    zerocool18
    Participant

    Thanks for solving this.

    There should be a Remove-WebConfiguration cmdlet available.

    The Get-WebConfiguration doesn't allow filtering using pipeline. If I filter a user in pipeline, I still get all the users in the result.

  • #66913
    Profile photo of ragnar
    ragnar
    Participant

    Hi tw h,

    in this post your tryıng about to give permission to subfolders of FTP site?

    i want to add permissin to folders but each folder must have permission of them user's right.

    for ex:
    FTP Site

    folders users
    folder1 > user1
    folder2 > user2
    folder3 > user3

    user1 has right only on folder1,user2 on folder2 and user3 on folder3.

    but when i try with powershell for do it, the permission given to FTP Site root and in this case all users have right on all folders.

You must be logged in to reply to this topic.