Configuring and Testing FTP
Now we will configure and test the FTP service. This exercise is a very brief introduction to the FTP service but should give you a good outline of how FTP works.
First, run the Internet Service Manager available under
Start | Programs | Windows NT 4.0 Option Pack | Microsoft Internet Information Server | Internet Service Manager
The Microsoft Management Console is new in this release of IIS. The MMC is designed to provide a generic, extensible way to manage all kinds of areas of the system. The MMC has "snap-ins" which are pieces of software which extend the MMC.
We have the Internet Information Server and Microsoft Transaction Server "snap-ins".
If you go to the IIS and select the www host you see the IIS services running on that host. To manage the FTP site, we right-click on the FTP site and select Properties.
The FTP Properties are shown in a tabbed dialog box. The first property window that we will work with is the
Security Accounts portion.
We will turn off the anonymous FTP. Anonymous FTP does not use a password and is used to distribute materials to folks on the Internet. If you want Anonymous FTP, leave it enabled. Otherwise it is an unnecessary security hole.
When you turn off anonymous FTP, users must enter an account and password. Because the official FTP protocol does not support any type of encrypted password, those passwords will be transmitted in plaintext across the net. While this sounds like a big security hole, it is no different than any other FTP server on the Internet.
In the Home Directory portion of the dialog, we can select that we want users to be able to write (or upload) to the FTP server. So we select Write
Again, incoming FTP may not be required in this situation - if not, do not select "Write".
After the configuration changes have been made, exit the dialog by pressing OK. You changes will be applied.
Next we test our newly reconfigured FTP server by starting an MS-DOS session and connecting to our FTP server. We log in as example (Ann Example Person) with the appropriate password.
We use the mkdir command to create a directory called testme insure that we can write to the server.
Just for yucks, we go and look for the directory on the system.
it shows up on:
Go ahead and delete the directory and QUIT your ftp session.
At this moment, you might be thinking, "Wait a second - just a plain-old user created a directory in the FTP root space."
Our security is a little loose at this point so we need to crank it down a bit. FTP uses the NTFS security system so we right click on ftproot and select Properties.
In Properties, we select the Security tab and press Permissions
Wow, by default any valid user has total and complete control over the entire ftp hierarchy. Lets tighten that down just a bit.
First, press Add and then allow the Administrators group Full Access. Then when you come back to this screen, modify the Everyone group to have Read and Execute permission.
This is the proper set of permissions for the
D:\InetPub\ftproot directory. Press OK.
Just to be sure, we try to log in as our example user and we can no longer perform write operations in the main directory.
Now we want to make a subdirectory which the user can use to upload information.
So, we create a new folder
D:\InetPub\ftproot\new and then view the new folder's properties.
Initially it inherits its permissions from its parent directory. We press Add to give our example user permission on the directory.
First press Show Users so the users appear in the top window. then scroll down the top window until you find "Ann Example Person" and press Add.
Then at the bottom use the drop down to give Ann "Full Control" and press OK.
This is how the permissions should look.
Now we connect and use cd to move into the new directory. We use mkdir to verify that we indeed have write permission.
This gives a flavor of how you can control the FTP service.