Is it possible to lockdown the ftp server to the user's directory only? The home directory is "D:\Home" and user directories are created in there. However, when the user logins using his/her account, he is able to go down one level and view the list of all the other users' accounts and download their files.
Any suggests on how to solve this problem? Making the / path directly to his directory? Setting certain permissions? Please advise.
Set them up as a user on your system and only give them access to the directory where their site is stored. Even then, untick the "Full Control" checkbox on the permissions tab but make sure every other box is ticked.
Remove "Everyone" from all disks and inherit these properties to all directories and files. The only users who should have access and "Full Control" of the disks (and hence directories and files) are "Administrators" and "System". Every other user should be restricted in some manner.
When you go the directory that holds the users site (D:\home\usersite), and click on the security tab there should be 4 users there
Administrators and System - All check boxes ticked
UserName - All check boxes ticked except "full control"
IUSR_Account - Read, Read & Execute, List Folder Contents
Yes. I've done that. However, when a user logins, the directory he appears on the FTP client is /username/. However, he is able to CWD to / and view all the directories in D:\Home. Is it possible at all for IIS 5.0 to force them to only view / as their directory immediately? I've tried forcing the permissions in D:\Home to transverse only but when I ftp it says unable to access the home directory, dening me access. How is it possible for the user to login and immediately access /, which is D:\Home\username, instead of /username/?