A
A
Alex K2018-02-10 22:52:15
FTP
Alex K, 2018-02-10 22:52:15

FTP server on IIS. Why don't directory permission changes work?

Hello!
I am creating an FTP server on IIS (10).
Access to directories should be group - some group of users has access to one directory, another to another, a third to a third, etc.
A user can be a member of any number of groups - respectively, can have access to different directories.
FTP User Isolation I put in the FTP root directory
I create the necessary directories, I put authorization on the directory Authorization Rule - Specified roles or user groups, I enter the name of the necessary group, I set the rights (Read, Write)
In Windows I get the necessary groups
Then I get the user, I add him to the necessary groups - and everything is OK, in those directories to which his group has access, the user also has access, there is no access to other groups.
However, it is worth removing it from some group, or adding it to a new one - it does not affect access to FTP directories in any way.
He still can go to the forbidden group, to the allowed one - Access denied
After some time, empirically - 5 minutes, the rights return to normal. Where it is necessary - it lets, where it is not necessary - it does not let.
Where do these 5 minutes come from, and how to chop them off?
The point is that while this is all in test mode, perhaps these 5 minutes - this is still no one gets on ftp at all. And if someone gets into this gap, these 5 minutes will be updated and continue indefinitely.
I already set the credentialsCache parameter to false, set flushInterval to the minimum 5 seconds - it does not help!
For the ftp server pool, I set idle to 1 minute, after which the completion - does not help!
Restarting the ftp server helps every other time. Either it works or it doesn't. The pattern has not been established :)
The next week it will be launched - but the solution cannot be found.
Help!

Answer the question

In order to leave comments, you need to log in

1 answer(s)
A
Alex K, 2018-02-13
@calk

The problem was solved by a stupid reboot of the entire server :)))
Or rather, at first I still googled and tried this:
https://social.technet.microsoft.com/Forums/ru-RU/...
====== ===============
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
FileInfoCacheLifetime = 0
FileNotFoundCacheLifetime = 0
DirectoryCacheLifetime = 0
The value for each key are all REG_DWORD
======= ============== I rebooted
the test server (cloned from the main one, which we will launch tomorrow, but cloned with the problem that has already arisen) - and everything worked.
Then the thought crept in to me just to overload the main one. Reloaded - voila!
But, just in case, I entered these parameters into the registry, and rebooted again.
Now everything works like clockwork.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question