windows7下建立ftp服务器详解 iis7.5
原文地址http://learn.iis.net/page.aspx/305/configuring-ftp-75-user-isolation/
Introduction
Microsoft has created a new FTP service that has been completely rewritten
for Windows Server 2008. This new FTP service incorporates many new features
that enable web authors to publish content better than before, and offers web
administrators more security and deployment options.
This document will walk you through the various FTP user isolation settings
using the new FTP user interface and by directly editing the IIS configuration
files.
Note: This walk-through contains a series of steps where you
will be logging in to your FTP site using the local administrator account. These
steps should only be followed on the server itself using the loopback address or
over SSL from a remote server. If you prefer to use a separate user account
instead of the administrator account, you will need to create the appropriate
folders and set the correct permissions for that user account when
necessary.
In this walkthrough
- Using the FTP Site Wizard to Create an FTP site
- Examining the New FTP User Isolation Settings
- Configuring User Isolation Settings by Physical
Directories - Configuring User Isolation Settings for All Directories
Prerequisites
The following items are required to complete the procedures in this
article:
- IIS 7 must be installed on your Windows Server 2008 RC0 server, and the
Internet Information Services Manager must be installed. - The new FTP service must be installed. You can download and install the FTP
service from the http://www.iis.net/ web site using one of the following
links:
- You will need to create a root folder for FTP publishing:
- Create a folder at "%SystemDrive%\inetpub\ftproot"
- Set the permissions to allow anonymous access:
- Open a command prompt.
- Type the following command:
CACLS "%SystemDrive%\inetpub\ftproot" /G
IUSR:R /T /E - Close the command prompt.
- You will need to create additional content folders:
- Create a folder at "%SystemDrive%\inetpub\ftproot\LocalUser\Public"
- Create a folder at "%SystemDrive%\inetpub\adminfiles"
Using the FTP Site Wizard to Create an FTP
site
In this first section we will create a new FTP site that can be opened for
Read-only access by anonymous users and Read/Write access by the administrator
account.
- In IIS Manager, in the Connections pane, click the
Sites node in the tree. - As shown in the image below, right-click the Sites node in
the tree and click Add FTP Site, or click Add FTP
Site in the Actions pane.
- When the Add FTP Site wizard appears:
- Enter "My New FTP Site" in the FTP site name box, then
navigate to the "%SystemDrive%\inetpub\ftproot" folder that you created in the
Prerequisites section. Note that if you choose to type in the path to your
content folder, you can use environment variables in your paths. - When you have completed these items, click Next.
- Enter "My New FTP Site" in the FTP site name box, then
- On the next page of the wizard:
- You would normally choose an IP address for your FTP site from the
IP Address drop-down, or you could choose to accept the default
selection of "All Unassigned." Because you will be using the administrator
account later in this walk-through, you want to make sure that you restrict
access to the server and enter the local loopback IP address for your computer
by typing "127.0.0.1" in the IP Address box. - You would normally enter the TCP/IP port for the FTP site in the
Port box. For this walk-through, you will choose to accept the
default port of 21. - For this walk- through, you will not use a host name, so make sure that the
Virtual Host box is blank. - Make sure that the Certificates drop-down is set to "Not
Selected" and that the Allow SSL option is selected. - When you have completed these items, click Next.
- You would normally choose an IP address for your FTP site from the
- On the next page of the wizard:
- In IIS Manager, click the node for the FTP site that you created; this will
display the icons for all of the FTP features.
- We need to add Basic Authentication so that users can log in. To do so,
double-click the FTP Authentication icon to open the FTP
authentication feature page.
- When the FTP Authentication page is displayed, highlight
Basic Authentication and then click Enable in
the Actions pane.
- In IIS Manager, click the node for the FTP site to re-display the icons for
all of the FTP features. - We need to add an authorization rule so that the administrator can log in.
To do so, double-click the FTP Authorization Rules icon to open
the FTP authorization rules feature page.
- When the FTP Authorization Rules page is displayed, click
Add Allow Rule in the Actions pane.
- When the Add Allow Authorization Rule dialog box is
displayed
Summary
To recap the items that you completed in this section:
- You created a new FTP site named "My New FTP Site", with the site's content
root at "%SystemDrive%\inetpub\ftproot". - You bound the FTP site to the local loopback address for your computer on
port 21, and we chose not to use Secure Sockets Layer (SSL) for the FTP site. - You created a default rule for the FTP site to allow anonymous users "Read"
access to the files. - You added an authorization rule that allows the administrator account both
"Read" and "Write" permissions for the FTP site. - You added Basic Authentication to the FTP site.
Examining the New FTP User Isolation Settings
- In IIS Manager, click the node for the FTP site that you created; this will
display the icons for all of the FTP features. - Double-click the FTP User Isolation icon to open the FTP
user isolation feature.
- When the FTP User Isolation feature page is displayed,
notice that you have five different options available:
- These five options are defined as:
- Do not isolate users. Start users in:
- FTP root directory
- This option specifies that all FTP sessions will start in the root directory
for the FTP site. - Note: This option is new in this FTP server, and simply
disables all user isolation or starting folder logic.
- This option specifies that all FTP sessions will start in the root directory
- User name directory
- This option specifies that all FTP sessions will start in the physical or
virtual directory with the same name of the currently logged on user if the
folder exists; otherwise, the FTP session will start in the root directory for
the FTP site. - Note: This option is the same as choosing no user isolation
in the IIS 6.0 FTP server. For additional information about using this option,
see the "Do Not Isolate Users Mode" section in the Hosting Multiple FTP Sites with FTP User Isolation (IIS
6.0) topic.
- This option specifies that all FTP sessions will start in the physical or
- FTP root directory
- Isolate users. Restrict users to the following directory:
- User name directory (disable global virtual directories)
- This option specifies that you want to isolate FTP user sessions to the
physical or virtual directory with the same name of the FTP user account. The
user sees only their FTP root location and is, therefore, restricted from
navigating higher up the physical or virtual directory tree. Any global virtual
directories that are created will be ignored. - Note: This option is new in this FTP server.
- This option specifies that you want to isolate FTP user sessions to the
- User name physical directory (enable global virtual
directories)
- This option specifies that you want to isolate FTP user sessions to the
physical directory with the same name of the FTP user account. The user sees
only their FTP root location and is, therefore, restricted from navigating
higher up the physical directory tree. Any global virtual directories that are
created will apply to all users. - Note: This option is the same as choosing user isolation in
the IIS 6.0 FTP server.
- This option specifies that you want to isolate FTP user sessions to the
- FTP home directory configured in Active Directory
- This option specifies that you want to isolate FTP user sessions to the home
directory that is configured in the Active Directory account settings for each
FTP user. - Note: This option is the same as choosing Active Directory
user isolation in the IIS 6.0 FTP server. For additional information about using
this option, see the "Isolate Users Using Active Directory Mode" section in the
Hosting Multiple FTP Sites with FTP User Isolation (IIS
6.0) topic.
Configuring User Isolation Settings by Physical
Directories
When isolating users by physical directories only, all FTP user sessions are
restricted to the physical directory with the same name of the FTP user account.
However, any global virtual directories that are created will apply to all
users.- In IIS Manager, click the node for the FTP site that you created; this will
display the icons for all of the FTP features. - Double-click the FTP User Isolation icon to open the FTP
user isolation feature.
- When the FTP User Isolation feature page is displayed, select the
User name physical directory (enable global virtual
directories) option, then click Apply in the
Actions pane.
Logging in to your FTP site
You can now log in to your FTP site using user isolation, but the following
information applies:- If you log in to your FTP site anonymously, your session will be restricted
to the "LocalUser\Public" folder that you created in the Prerequisites section. - If you attempt to log in to your FTP site using the administrator account,
your logon request will be denied because the administrator account does not
have a home directory defined. To allow the administrator account to log in you
would need to create a home directory for the administrator account at
"%SystemDrive%\inetpub\ftproot\LocalUser\Administrator". After which, if you
logged in to your FTP site using the administrator account, your session will be
restricted to the "LocalUser\Administrator" folder that you just created.
Summary
To recap the items that you completed in this step, you configured FTP user
isolation using the User name physical directory (enable global virtual
directories) option. When using this mode of user isolation, all FTP
user sessions are restricted to the physical directory with the same name of the
FTP user account, and any global virtual directories that are created will apply
to all users.
To create home directories for each user, you first need to create a physical
directory under your FTP server's root folder that is named after your domain or
named LocalUser for local user accounts. Next, you need to create a physical
directory for each user account that will access your FTP site. The following
table lists the home directory syntax for the authentication providers that ship
with the FTP service:
User Account Types
Physical Home Directory Syntax
Anonymous users
%FtpRoot%\LocalUser\Public
Local Windows user accounts
(requires basic authentication)
%FtpRoot%\LocalUser\%UserName%
Windows domain accounts
(requires basic authentication)
%FtpRoot%\%UserDomain%\%UserName%
IIS Manager or ASP.NET custom
authentication user accounts
%FtpRoot%\LocalUser\%UserName%
(Note: In the above table, %FtpRoot% is the root directory
for your FTP site; for example, C:\Inetpub\Ftproot.)
Important Note: Global virtual directories are enabled; all
virtual directories that are configured at the root-level of your FTP site can
be accessed by all FTP users, provided that they have sufficient
permissions.
Configuring User Isolation Settings for All
Directories
When isolating users for all directories, all FTP user sessions are
restricted to the physical or virtual directory with the same name of the FTP
user account. In addition, all global virtual directories that are created will
be ignored. In this step you will configure user isolation for all directories,
and add a virtual directory for the administrator user.- In IIS Manager, click the node for the FTP site that you created; this will
display the icons for all of the FTP features. - Double-click the FTP User Isolation icon to open the FTP
user isolation feature.
- When the FTP User Isolation feature page is displayed,
select the User name directory (disable global virtual
directories) option, then click Apply in the
Actions pane.
- Expand the tree node for your FTP site, then right-click the LocalUser
folder and click Add Virtual Directory. (Note:
In this example the "LocalUser" folder is a physical directory, but a virtual
directory could also have been used.)
- When the Add Virtual Directory dialog box appears:
Logging in to your FTP site
You can now log in to your FTP site using user isolation, but the following
information applies:- As with Step 3, if you log in to your FTP site anonymously, your session
will be restricted to the "LocalUser\Public" folder that you created in the
Prerequisites section. - If you log in to your FTP site using the administrator account, your session
will be restricted to the "/LocalUser/administrator" virtual directory that you
just created.
Summary
To recap the items that you completed in this step, you configured FTP user
isolation using the User name directory (disable global virtual
directories) option. When using this mode of user isolation, all FTP
user sessions are restricted to the virtual or physical directory with the same
name of the FTP user account, and any global virtual directories that are
created will be ignored.
To create home directories for each user, you first need to create a virtual
or physical directory under your FTP server's root folder that is named after
your domain or named LocalUser for local user accounts. Next, you need to create
a virtual or physical directory for each user account that will access your FTP
site. The following table lists the home directory syntax for the authentication
providers that ship with the FTP service:
User Account Types
Physical Home Directory Syntax
Anonymous users
%FtpRoot%\LocalUser\Public
Local Windows user accounts
(requires basic authentication)
%FtpRoot%\LocalUser\%UserName%
Windows domain accounts
(requires basic authentication)
%FtpRoot%\%UserDomain%\%UserName%
IIS Manager or ASP.NET custom
authentication user accounts
%FtpRoot%\LocalUser\%UserName%
(Note: In the above table, %FtpRoot% is the root directory
for your FTP site; for example, C:\Inetpub\Ftproot.)
Global virtual directories are ignored; all virtual directories that are
configured at the root-level of your FTP site cannot be accessed by any FTP
users. All virtual directories must be explicitly defined under a user's
physical or virtual home directory path.
具体内容就不翻译了。想看的人自然看的懂!
转发出来只是为了方便和我一样在网上搜索的人们。想找到一篇很专业的关于iis7的文章真难。。。
- This option specifies that you want to isolate FTP user sessions to the home
- User name directory (disable global virtual directories)
- Do not isolate users. Start users in: