3

I'm running FileZilla Server on my dedicated Windows 2003 server.

It uses its own user-access control system.

The FileZilla Server service itself is running under the System user.

When I set up users within the FTP Server Administrator Interface, I do not need to set up equivalent users, or adjust permissions on folders to allow users to log in.

Example:

  1. I set up the TestFTP user with password 'p'
  2. I set the home directory of the TestFTP user to be e:/website
  3. I verify that e:/website only has permissions for the System and Admin accounts (right click -> Security in Windows Explorer)

TestFTP is able to log in to the server just fine.

I'm OK with this (perhaps due to ignorance?).

Is it generally frowned upon to utilize an FTP server such as FileZilla Server that bypasses the built-in UAC in this manner?

If I wasn't clear enough, please let me know.

Brian Webster

1 Answer

2

Filezilla has its own built in security layer to allow you to create users within the software rather than depending on existing Windows accounts. I use this on several servers and have tested it pretty thoroughly and found no problems with this approach. Keep in mind that it doesn't mean TestFTP suddenly has the same access to the hard drive as the LocalSystem user does - Filezilla security prevents that.

If you're uncomfortable with this arrangement, IIS is probably more suited for your needs.

Chris
  • I'm OK with this arrangement. I was just looking for input from pros. I'm a programmer that manages a dedicated server... it's certainly not my area of expertise. Thanks for the advice. – Brian Webster Jul 18 '09 at 02:24
  • Of course you lose all the benefits that using regular Windows accounts would give you, and running anything as System that doesn't need to isn't recommended. Technically TestFTP DOES have the same access that LocalSystem does (however the app may preclude that being an issue) – Jim B Jul 18 '09 at 05:01
  • You could also create a new account for the FTP to run under, that is restricted to only the directory area it should have and deny everything else. Then if ever compromised, the damage is restricted – SpaceManSpiff Jul 18 '09 at 12:38
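
One way to set up the restricted service account suggested in the last comment, as an added example that is not part of the original thread. The service name, install path and account name are assumptions to confirm on the server; only e:\website comes from the question.

```powershell
# Assumed values (not from the thread): check them before running.
$svcName    = 'FileZilla Server'                    # assumed service name; list services with: sc.exe query
$installDir = 'C:\Program Files\FileZilla Server'   # assumed install path (holds the server's config and logs)
$ftpRoot    = 'E:\website'                          # FTP home directory from the question
$account    = 'svc_filezilla'                       # hypothetical local account name

# 1. Create a dedicated local account. '*' makes net.exe prompt for the password
#    instead of taking it on the command line.
net.exe user $account * /add /passwordchg:no

# 2. Remove it from the default Users group so it does not inherit that group's
#    read access across the disk. It stays out of Administrators.
net.exe localgroup Users $account /delete

# 3. Grant Modify on the FTP root only. The question's folder is limited to
#    System and Administrators, so without this ACE uploads and listings
#    would fail once the service stops running as LocalSystem.
icacls.exe $ftpRoot /grant "${account}:(OI)(CI)M"

# 4. The service must still read its binaries and write its settings and logs.
icacls.exe $installDir /grant "${account}:(OI)(CI)M"

# 5. The account needs the "Log on as a service" right. Setting the log-on
#    account in services.msc grants it automatically; from the command line
#    the Resource Kit tool ntrights.exe can do it:
#    ntrights.exe +r SeServiceLogonRight -u $account

# 6. Point the service at the new account and restart it.
$pw = Read-Host "Password for $account"
sc.exe stop $svcName
sc.exe config $svcName obj= ".\$account" password= $pw
sc.exe start $svcName

# 7. Verify: SERVICE_START_NAME should show the new account, and the ACL
#    listing should show its Modify entry on the FTP root.
sc.exe qc $svcName
icacls.exe $ftpRoot
```

With this in place, a flaw in the FTP service exposes only what the service account can reach, rather than everything LocalSystem can.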