Fastream Technologies wrote: > Hello, > >> HomeDir is hardcoded C:\TEMP. > In order to test Windows security try the following: > 1) Create a new user Group "FTP-Users" > 2) Right-click Drive C: | Properties | Security-Settings > 3) Add group FTP-Users deny "Full Access" > 4) Go to C:\Temp, Properties | Security-Settings > Set proper NTFS rights to Group FTP-Users (break inheritance, > copy inherited rights) > 5) Create a new user make her a member of Group "FTP-Users" only. > > Now, until 4) all is fine. But how do we break the inheritance. It > does not let me edit the permissions for C.\Temp and subs... Just > disabled checkboxes!
In Explorer | Organize | Folder and Search Options turn off "Use Sharing Wizard (Recommended)" in order to be able to set detailed NTFS rights. I cannot teach you all those basic Windows security stuff, read about that in the online help or search the internet, please! -- Arno Garrels [TeamICS] http://www.overbyte.be/eng/overbyte/teamics.html > > Regards, > > SZ > > On 5/14/07, Arno Garrels <[EMAIL PROTECTED]> wrote: >> >> Fastream Technologies wrote: >>> Hello Arno, >>> >>> Just found time... Sorry. I have an idea, to reduce the "NTLM >>> context switches", >> >> It is the user security context that is switched. Currently >> LogOnUser API is called once on login at the application level. >> >>> why don't we increase the buffer size from 1460 bytes to >>> 8KB? >>> That's what I did with my copy and speed increased ~30%! I think >>> obeying Ethernet buffer size is less important than obeying Winsock >>> buffer size and making it larger for less context switches. >> >> Increasing component read/write buffer was enough, since context >> switches currently happen on file system access only. I haven't >> noted a performance decrease so far. >> >>> >>> BTW, in my Vista Biz, I am unable to find a way to create a new user >>> group--does the groups exist on Vista? >> >> It's the same as in XP Pro >> (Administrative Tools |Computer Management | Local Users and Groups). >> >>> My XP Home laptop is in >>> repair...sorry once again. >> >> AFAIK the Home edition doesn't provide an option to set NTFS rights >> as required by default. >> >> -- >> Arno Garrels [TeamICS] >> http://www.overbyte.be/eng/overbyte/teamics.html >> >> >>> >>> Best Regards, >>> >>> SZ >>> >>> >>> On 5/13/07, Arno Garrels <[EMAIL PROTECTED]> wrote: >>>> >>>> Fastream Technologies wrote: >>>>> Not yet. Having personal problems these days.. :(( >>>> >>>> I uploaded a new version with some common improvements >>>> and fixes. There's a new option to hide the physical >>>> path, see Menu | Options. >>>> >>>> http://www.duodata.de/misc/delphi/OverbyteIcsFtpServ.zip >>>> >>>> HomeDir is hardcoded C:\TEMP. >>>> In order to test Windows security try the following: >>>> 1) Create a new user Group "FTP-Users" >>>> 2) Right-click Drive C: | Properties | Security-Settings >>>> 3) Add group FTP-Users deny "Full Access" >>>> 4) Go to C:\Temp, Properties | Security-Settings >>>> Set proper NTFS rights to Group FTP-Users (break inheritance, >>>> copy inherited rights) >>>> 5) Create a new user make her a member of Group "FTP-Users" only. >>>> >>>> Make sure the server process runs in an account with sufficent >>>> permissions. Since the FtpSrv demo is not Vista-compatible >>>> please try on a different NT-OS or turn off virtualization >>>> as well as UAC or try to run the demo As Administrator. >>>> >>>> BTW: Even disk quotas work (I tested in XP). >>>> >>>> -- >>>> Arno Garrels [TeamICS] >>>> http://www.overbyte.be/eng/overbyte/teamics.html >>>> >>>> >>>>> >>>>> On 5/11/07, Arno Garrels <[EMAIL PROTECTED]> wrote: >>>>>> >>>>>> Fastream Technologies wrote: >>>>>>> Hello Arno, >>>>>>> >>>>>>> I use Windows Vista Business. I went to the control panel and >>>>>>> created what's called a "limited" user. Now that user can go >>>>>>> into C:\Windows and list file/folder listings when logged in >>>>>>> with your server demo. Is this normal? >>>>>> >>>>>> SZ, >>>>>> >>>>>> Any progress in testing? >>>>>> >>>>>> -- >>>>>> Arno Garrels [TeamICS] >>>>>> http://www.overbyte.be/eng/overbyte/teamics.html >>>>>> >>>>>> >>>>>> >>>>>>> Regards, >>>>>>> >>>>>>> SZ >>>>>>> >>>>>>> >>>>>>> On 5/10/07, Arno Garrels <[EMAIL PROTECTED]> wrote: >>>>>>>> >>>>>>>>> Perhaps you can code the NTLM into ICS FTP Server demo? >>>>>>>>> Believe me there is DEMAND for it! Fastream offers you $200 >>>>>>>>> for the task to be completed in 10 days plus we can help you >>>>>>>>> test. I know $200 is not much for a German company but this >>>>>>>>> code could be used by many people so it's well spent effort >>>>>>>>> (remember we will donate the demo). >>>>>>>> >>>>>>>> OK, some money is always welcome :-) I uploaded the result for >>>>>>>> testing (binary only): >>>>>>>> >>>>>>>> http://www.duodata.de/misc/delphi/OverbyteIcsFtpServ.zip >>>>>>>> >>>>>>>> It might be slower than the original v6 demo since security >>>>>>>> context is switched very frequently, please check whether it's >>>>>>>> too slow. Note that currently CWD works for directory names >>>>>>>> with length <= 3 as well as with current HomeDir (Angus can >>>>>>>> you tell us why?). PWD also always succeeds. It's possible to >>>>>>>> upload a zero-size file even if the user has only read access >>>>>>>> (file is not written). My solution impersonates user's Windows >>>>>>>> security context upon filesystem access, all events however >>>>>>>> are triggered in the the context of server's process, it may >>>>>>>> be usefull to switch to user's context in some events as well, >>>>>>>> but that was fine tuning and should be discussed here. >>>>>>>> >>>>>>>> BTW: I changed/fixed the STOU command, can somebody please >>>>>>>> test? >>>>>>>> >>>>>>>> -- >>>>>>>> Arno Garrels [TeamICS] >>>>>>>> http://www.overbyte.be/eng/overbyte/teamics.html >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> To unsubscribe or change your settings for TWSocket mailing >>>>>>>> list please goto >>>>>>>> http://www.elists.org/mailman/listinfo/twsocket Visit our >>>>>>>> website at http://www.overbyte.be >>>>>> -- >>>>>> To unsubscribe or change your settings for TWSocket mailing list >>>>>> please goto http://www.elists.org/mailman/listinfo/twsocket >>>>>> Visit our website at http://www.overbyte.be >>>> -- >>>> To unsubscribe or change your settings for TWSocket mailing list >>>> please goto http://www.elists.org/mailman/listinfo/twsocket >>>> Visit our website at http://www.overbyte.be >> -- >> To unsubscribe or change your settings for TWSocket mailing list >> please goto http://www.elists.org/mailman/listinfo/twsocket >> Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
