question

LevAnni-1451 avatar image
0 Votes"
LevAnni-1451 asked lextm commented

CHMOD on Windows, How to?

Hi,

As we all know, basic FTP client can't change file/folder permission through the client itself, rather I have to manually set it server side when they ask me. Now, I'm searching some workaround, like capturing client commands on server and then do ICACLS programmatically with say powershell. So my question is, how to get client FTP commands on server to do this?

Windows Server 2016, IIS

Thanks

windows-server-iis
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Though limited, IIS FTP does allow extensions to be written to extend its functionalities. You can find examples from Rebert's blog like https://blogs.iis.net/robert_mcmurray/how-to-use-managed-code-c-to-create-an-ftp-home-directory-provider-that-is-based-on-the-remote-client-ip-address

0 Votes 0 ·

1 Answer

MotoX80 avatar image
0 Votes"
MotoX80 answered MotoX80 commented

The FTP logs are in C:\inetpub\logs\LogFiles\FTPSVC (default location). FTP doesn't log invalid commands, but you can see the user names who log in. Or try to log in.

 2021-05-31 12:04:38 ::1 - ::1 21 USER admin 331 0 0 
 2021-05-31 12:04:41 ::1 - ::1 21 PASS *** 530 

If you see a 530 event for a user you could add them to some group to allow access. I would want to have some kind of verification step though and not just automatically add any account.

I got tired of developers asking me to add accounts to local groups and restart their services so I build an ASPX web site to let them manage their "stuff". The site would authenticate the user (but not impersonate them) so I could then see what groups they were members of. We used names like "Application1-Owner". The users in that group could then manage any resource related to "Application-1". The web sites worker process ran as SYSTEM so I could programmatically do anything that I wanted to do. It wasn't trivial to build the site, but it saved me a ton of time by not having to deal with annoying "can you add" type requests.

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks

Building a special site to deal with permissions is a good idea, really. I'll think about that, but developing powershell script which relies on the FTP logs written to the disk would be very difficult to implement Imho.

0 Votes 0 ·

It sounds like what you are ultimately looking for is some kind of self-service implementation where an administrator does not need to get involved. Without knowing more about your environment, security concerns, and user constraints, I don't know that forum users can be of much help.

0 Votes 0 ·

No, I'm just looking way how to capture FTP client commands on the server in real time so I would then write some script to imitate file/folder permission requests from clients like in linux environment using CHMOD. It is more related to windows system, rather than my own goals. I'm just looking someone who knows windows server environment regarding FTP protocol handling more than me.

0 Votes 0 ·
Show more comments