Opened 10 years ago

Closed 10 years ago

#5323 closed Feature request (rejected)

Associating "Public" permission with a windows user or group for CHMOD commands.

Reported by: OruchReis Owned by:
Priority: normal Component: FileZilla Server
Keywords: CHMOD, windows user, iis user Cc:
Component version: Operating system type: Windows
Operating system version:

Description

Hi,
As you know, CHMOD command is for Unix like systems. But there is a solution for Windows. And the ftp servers that support custom SITE commands can do CHMOD command. If Filzezilla server supports assigning "public", "group" and "owner" permissions to a windows user or group, we can use chmod commands even if the os is windows. But how? The answer is here:
IIS has anonymous users to access the file system. For example, if a php script can access to a folder, it can access via iis_domain.com user which is an anonymous user account in Windows. And IIS run php script with this user. So, if iis_domain.com user doesn't has any write access to a folder, php script can't write to this folder. In unix, the user can use CHMOD to give write permission to public (anonymous) user.
So, If there is an option in filezilla server, we can assign a windows user to "public" permission of CHMOD. For example, we can assign iis_domain.com to "public" permission, and if we send,
SITE CHMOD xx6 A_Folder
filezilla server will execute this:
cacls.exe A_Folder /E /G "iis_domain.com":C

So CHMOD can be used in windows host. It is very very useful for shared web hosting.

Every chmod's public permission command has equivalent in windows permission:
xx4 => :R (Read)
xx6 => :C or :RW(Change)
xx7 => :F (Full)
xx2 => :W (Only Write)
xx1 => :X (Only Execute)
xx5 => :RX
etc..

Regards.

Change History (1)

comment:1 Changed 10 years ago by Tim Kosse

Resolution: rejected
Status: newclosed

Unfortunately the Windows permissions system is extremely difficulty to use programmatically.

This is why the permissions system of FileZilla Server has been designed specifically to be as independent from system based permissions as possible.

Note that directly calling cacls.exe is not a very good idea as it would likely cause some interesting races in which some other program, perhaps even some parallel FTP connection in FileZilla Server, moves files around, creates symlinks and such, thus ultimately breaking out of the virtual directory tree. The only sane solution would be to associate each user account in FileZilla Server with an individual Windows account and spawning worker processes running in the context of each logged in user.

Note: See TracTickets for help on using tickets.