FTP (File Transfer Protocol) allows clients to upload, download and transfer their files. It is very useful for Shared Hosting Service providers, Internet Service providers etc., who need to let their clients move files to and from a server. In Windows Server 2008 R2, Microsoft FTP 7.5 is available as a Role Service for Web Server (IIS 7.5) and is tightly integrated with it. Before installing FTP, make sure Web Server (IIS) is installed; refer to Install IIS on Windows Server 2008. In this article we are going to see how to set up a shared FTP Server that allows clients of a Shared Web Server to transfer the contents of their websites.

Install FTP for IIS 7.5 on Windows Server 2008 R2

Click Start >> Administrative Tools >> Server Manager. In the Server Manager hierarchy pane expand Roles and then click on Web Server (IIS).

Install FTP for IIS 7.5 : Server Manager

Click on Add Role Services, which launches the Select Role Services window as shown below. Select the FTP Service and FTP Extensibility services from the list. Click Next.

Install FTP for IIS 7.5 : Select Role Services

On the Confirm Installation Selections page, click Install.

Install FTP for IIS 7.5 : Confirm Installation Selections

On the Installation Results page, click Close to exit the Add Role Services wizard.

Install FTP for IIS 7.5 : Installation Results

Check Firewall Rules to Allow inbound FTP Traffic

After installing the FTP Server, make sure that inbound firewall rules are in place to allow inbound FTP traffic. To check this, follow the steps below:

Click Start >> Administrative Tools >> Windows Firewall with Advanced Security, then click on Inbound Rules and check that the three inbound firewall rules highlighted in the snapshot below exist.

  1. FTP Server (FTP Traffic-In): This rule allows inbound traffic on TCP port 21 for FTP Service.
  2. FTP Server Passive (FTP Passive Traffic-In): This rule allows inbound traffic on TCP ports greater than 1023 for FTP Service. This is required for FTP Service to work in passive mode.
  3. FTP Server Secure (FTP SSL Traffic-In): This rule allows inbound traffic on TCP port 990 for FTP Service over SSL.

If these rules don’t exist, create them.

Install FTP for IIS 7.5 : Firewall Rules

Create a FTP Site using the FTP Site Wizard

We installed FTP for IIS 7.5 and also checked/created the firewall rules that allow the inbound traffic necessary for serving FTP. However, until an FTP Site is created, the FTP Server doesn’t listen on port 21 and you cannot connect to it. Now we will create a Default FTP Site.

Click Start >> Administrative Tools >> Internet Information Services (IIS) Manager.

Expand the server in the server hierarchy pane and then expand Sites.

Right click on Sites and then click on Add FTP Site…

Setup FTP Server : Create FTP Site

Add FTP Site: FTP Site Information

  • FTP site name: Enter the name of this FTP Site.
  • Physical path: Select the physical folder from which contents will be served to FTP Users. This is called the root of the FTP Server. I chose %systemdrive%\inetpub\ftproot.
  • Click Next.
Setup FTP Server : Site Information

Add FTP Site: FTP Binding and SSL Settings

  • IP Address: From the drop down list, select the IP address on which the FTP Server will work. Select All Unassigned to allow it to work on all IP addresses.
  • Port: Enter the TCP port number on which this FTP Server will listen. The default FTP port is 21.
  • Enable Virtual Host Names: To bind a host name to this FTP site, enable this option and then specify the host name, e.g. ftp.gopalthorve.com.
  • Start FTP site automatically: Select this option to start this FTP site automatically.
  • SSL: Select the No SSL option. We will implement the SSL feature some time later.
  • Click Next.
Setup FTP Server : Binding and SSL Settings

Add FTP Site: Authentication and Authorization Information

  • Authentication: Select Basic, because we want to use the Windows built-in authentication method, which requires users to provide a valid Windows username and password to gain access to contents. Later we will configure FTP User Isolation to restrict users to their respective folders.
  • Allow access to: Select Specified roles or user groups from the drop down list and then enter the name of the group which holds all FTP Users (as we discussed in Local Users, local group and local security policies on Windows Server 2008). In my case the group is FTPUsers.
  • Permissions: Select both Read and Write.
  • Click Finish to add the FTP Site.
Setup FTP Server : Authentication and Authorization Information

Planning directory structure for FTP Server

The FTP Server we set up above allows all clients to log on to the FTP Server, and all FTPUsers are granted access to the ftproot folder (i.e. %systemdrive%\inetpub\ftproot). As we are going to configure a shared FTP Server that lets customers of a Shared Web server manage the contents of their websites and accounts, the directory structure must be planned accordingly. Directories must be organized so that we can manage them easily and allow clients to access their respective directories only. I have designed the directory structure given below for my shared FTP Server.

Setup FTP Server : Folder Structure for a Shared FTP Server

Parent Directory (%systemdrive%\HostingSpaces)

This is the parent directory, which will contain a sub-folder for each customer. I created the %systemdrive%\HostingSpaces directory, which will hold a sub-directory for each client.

NTFS Permissions for this directory:

  1. Remove inheritable permissions from parent on the %systemdrive%\HostingSpaces directory.
  2. Grant permissions to SYSTEM and Administrators on this object.

Client’s Home Directory (client1, client2 etc.)

Each shared hosting customer will have its own directory created under the parent directory, and each directory must be named after the Windows Local User account created for that particular customer. Initially I have two customers, client1 and client2, so I created two directories, client1 and client2, in the parent directory (%systemdrive%\HostingSpaces). Also create two Windows Local User accounts, client1 and client2, and add them to the FTPUsers group as discussed in Local Users, local group and local security policies on Windows Server 2008. Each client’s home directory must give read/write permissions to that specific customer’s user account, e.g. client1’s home folder is client1 and it must give read/write permissions to user client1.

NTFS Permissions for these directories:

  1. It must inherit permissions from its parent, i.e. %systemdrive%\HostingSpaces
  2. Each client must be granted access to its directory i.e. client1 user account must have Modify, Read & Execute, List folder contents, Read, Write permissions on its home directory client1.
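
The permission layout described above, scripted as an added example (it is not the author's own code). It assumes the local accounts client1 and client2 already exist and that it runs in an elevated PowerShell session; after applying the ACLs with icacls, it lists any allow entry on a client directory that belongs to an account other than SYSTEM, Administrators or that client.

```powershell
# Added example, not the article's own code. Assumes the local accounts in
# $Clients already exist and that this runs in an elevated PowerShell session.
$Root    = Join-Path $env:SystemDrive 'HostingSpaces'
$Clients = 'client1', 'client2'

# Parent directory: remove inherited ACEs, keep only SYSTEM and Administrators.
New-Item -ItemType Directory -Path $Root -Force | Out-Null
icacls $Root /inheritance:r /grant:r 'SYSTEM:(OI)(CI)F' 'Administrators:(OI)(CI)F' | Out-Null

foreach ($c in $Clients) {
    # Home directory named after the account; it inherits the parent's ACEs
    # and adds Modify for that one account only.
    $dir = Join-Path $Root $c
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    icacls $dir /grant "${c}:(OI)(CI)M" | Out-Null
}

# Returns every allow ACE on $Path whose account is not SYSTEM,
# Administrators or $Owner (compared by the name after the last backslash).
function Get-UnexpectedAce {
    param([string]$Path, [string]$Owner)
    $expected = 'SYSTEM', 'Administrators', $Owner
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $expected -notcontains ($_.IdentityReference.Value -split '\\')[-1]
    }
}

foreach ($c in $Clients) {
    $extra = @(Get-UnexpectedAce -Path (Join-Path $Root $c) -Owner $c)
    if ($extra.Count -gt 0) {
        "${c}: unexpected access entries"
        $extra | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
    } else {
        "${c}: access limited to SYSTEM, Administrators and $c"
    }
}
```

On a non-English Windows installation the built-in names SYSTEM and Administrators are localized, so both the icacls arguments and the expected list need the local names.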

Content Directories

The client can upload anything to this directory. By default it contains the client’s hosted domains, i.e. client1domain1.com, client1domain2.com etc., each of which further holds website contents in a wwwroot directory, data in a data directory and logs in a logs directory.

FTP User Isolation

The FTP Site we recently created (Default FTP Site) starts each client session in the root directory of the FTP Site, i.e. %systemdrive%\inetpub\ftproot, because no FTP User Isolation has been configured on this FTP Site so far. By default an FTP Site is configured to “Do not isolate users. Start users in: FTP root directory”, which starts every FTP session in the FTP root directory of the FTP Site.

We want to configure the FTP Site so that each customer account has access to its own folder only, and each customer’s FTP session starts in its own home (root) folder named after its username. Microsoft FTP supports one such FTP User Isolation mode, called “Isolate users. Restrict users to the following directory: User name directory (disable global virtual directories)”. This mode requires us to create a folder named LocalUser under the root of the FTP Site (%systemdrive%\inetpub\ftproot\LocalUser), which will in turn contain the customers’ home folders (i.e. client1, client2 etc.). However, I don’t want to put the customers’ folders in the %systemdrive%\inetpub\ftproot\LocalUser folder; instead I want to put all those folders in the %systemdrive%\HostingSpaces folder. To accomplish this we need to create a Virtual Directory called LocalUser under the recently created FTP Site, pointing to the physical folder %systemdrive%\HostingSpaces. To create the Virtual Directory, follow the steps below:

Create Virtual Directory

  1. Start Internet Information Services (IIS) Manager. (Start >> Administrative Tools >> Internet Information Services (IIS) Manager)
  2. Expand Sites
  3. Right click on Default FTP Site we created recently and then click Add Virtual Directory…
  4. Alias: Enter LocalUser in this text box. Remember to type it with the exact case: it must be LocalUser, with capital L and U.
  5. Physical path: Select physical path where this virtual directory will point to i.e. (%systemdrive%\HostingSpaces).
  6. Click OK to create Virtual Directory.
Setup FTP Server :: FTP User Isolation :: Add Virtual Directory

Finally configuring FTP User Isolation

  1. Start Internet Information Services (IIS) Manager. (Start >> Administrative Tools >> Internet Information Services (IIS) Manager)
  2. Expand Sites
  3. Click on Default FTP Site we recently created.
  4. Double click FTP User Isolation in feature view window in the middle.
  5. In the “Isolate users. Restrict users to the following directory:” section, select the “User name directory (disable global virtual directories)” option.
  6. Click Apply button to save changes.
Setup FTP Server :: Configure FTP User Isolation
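
A read-only check of the settings made in the two procedures above, as an added example that is not part of the original article. It assumes the site is named Default FTP Site and that IIS stores the settings under the element and attribute names shown in the constructed sample fragment; it reports a wrong isolation mode, a LocalUser alias with the wrong casing, and Basic authentication combined with optional SSL (the result of deferring SSL as the wizard step did).

```powershell
# Added example, not the article's code. Assumed: the site name below and the
# standard applicationHost.config path. $Sample is a constructed fragment.
$SiteName = 'Default FTP Site'
$Config   = Join-Path $env:windir 'System32\inetsrv\config\applicationHost.config'
$Sample   = @'
<configuration><system.applicationHost><sites>
 <site name="Default FTP Site" id="2">
  <application path="/">
   <virtualDirectory path="/" physicalPath="C:\inetpub\ftproot" />
   <virtualDirectory path="/localuser" physicalPath="C:\HostingSpaces" />
  </application>
  <ftpServer>
   <security><ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
    <authentication><basicAuthentication enabled="true" /></authentication>
   </security>
   <userIsolation mode="IsolateAllDirectories" />
  </ftpServer>
 </site>
</sites></system.applicationHost></configuration>
'@

function Get-FtpIsolationFinding {
    param([xml]$Xml, [string]$Name)
    $site = $Xml.SelectSingleNode("//sites/site[@name='$Name']")
    if ($null -eq $site) { return "site '$Name' not found" }
    # IsolateAllDirectories is the stored value for the option
    # "User name directory (disable global virtual directories)".
    $iso  = $site.SelectSingleNode('ftpServer/userIsolation')
    $mode = if ($null -ne $iso) { $iso.GetAttribute('mode') } else { '' }
    if ($mode -cne 'IsolateAllDirectories') { "userIsolation mode is '$mode'" }
    # The alias must be LocalUser with exactly that casing.
    $paths = @($site.SelectNodes('application/virtualDirectory') |
               ForEach-Object { $_.GetAttribute('path') })
    if ($paths -cnotcontains '/LocalUser') {
        $near = @($paths | Where-Object { $_ -ieq '/LocalUser' })
        "no '/LocalUser' virtual directory (similar: $($near -join ', '))"
    }
    # Basic authentication with SSL merely allowed lets a client log in without TLS.
    $ssl   = $site.SelectSingleNode('ftpServer/security/ssl')
    $basic = $site.SelectSingleNode('ftpServer/security/authentication/basicAuthentication')
    if ($null -ne $basic -and $basic.GetAttribute('enabled') -eq 'true' -and
        $null -ne $ssl -and $ssl.GetAttribute('controlChannelPolicy') -eq 'SslAllow') {
        'Basic authentication is enabled while SSL is optional on the control channel'
    }
}

# Check the constructed sample; pass ([xml](Get-Content $Config)) to check the server.
Get-FtpIsolationFinding -Xml ([xml]$Sample) -Name $SiteName
```

For the constructed sample the function returns two findings: the lower-case /localuser alias and the Basic authentication with optional SSL.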

Testing FTP Server

We have successfully set up the FTP Server, and now it’s time to check that everything is working. We can check FTP Server connectivity either with the ftp command or with any FTP Client such as FileZilla Client.

Testing FTP Server using ftp command:

  1. Open Command Prompt
  2. Type ftp at command prompt.
  3. Type “o 192.168.0.98” at the ftp prompt. Use the IP address on which your FTP Server is configured to listen. If “All Unassigned” is used, you can use any IP address of your system, or localhost.
  4. Type FTP User name e.g. client1.
  5. Type Password for the FTP User e.g. password for user client1.
  6. If everything works fine then you will get the response “230 User logged in.”
  7. Type “dir” command and you will get directory listing of client1 home folder.
  8. Type “cd client1domain1.com” command and current working directory (CWD) changes to client1domain1.com
  9. Type “pwd” command to know the current working directory.
  10. Type “put” command to upload a local file to the FTP Server. When prompted for the local file name, enter the entire file name along with its path. When prompted for the remote file, simply press Enter to upload the file with the same name, or enter a new name for the file on the FTP Server.
  11. Type “recv” command to download a file from the FTP Server. When prompted for the remote file name, enter the name of the file to download, and when prompted for the local file, enter the path where you want to download the file.
  12. Type “dele file_name” command to delete file from FTP Server, replace file_name with name of the file to be deleted.
  13. I have pasted a sample command session with my recently configured FTP Server.
C:\>ftp
ftp> o 192.168.0.98
Connected to 192.168.0.98.
220 Microsoft FTP Service
User (192.168.0.98:(none)): client1
331 Password required for client1.
Password:
230 User logged in.
ftp> dir
200 PORT command successful.
125 Data connection already open; Transfer starting.
06-06-12  07:37PM       <DIR>          client1domain1.com
06-06-12  07:37PM       <DIR>          client1domain2.com
226 Transfer complete.
ftp: 118 bytes received in 0.00Seconds 118000.00Kbytes/sec.
ftp> cd client1domain1.com
250 CWD command successful.
ftp> put
Local file c:\help.txt
Remote file
200 PORT command successful.
125 Data connection already open; Transfer starting.
226 Transfer complete.
ftp: 5866 bytes sent in 0.02Seconds 244.42Kbytes/sec.
ftp> recv
Remote file help.txt
Local file d:\help.txt
200 PORT command successful.
125 Data connection already open; Transfer starting.
226 Transfer complete.
ftp: 5866 bytes received in 0.00Seconds 5866000.00Kbytes/sec.
ftp> dele help.txt
250 DELE command successful.

Checking FTP Server using FileZilla FTP Client

We can also check the FTP Server with a GUI based FTP client like FileZilla Client. Simply download the FileZilla Client and install it; after installation, launch FileZilla.

  1. Host: Enter the IP address on which your FTP Server is listening.
  2. Username: Enter the FTP Username, e.g. client1
  3. Password: Enter the password for the FTP User
  4. Port: Enter the FTP Port; the default is 21.
  5. Click the Quickconnect button.
  6. Once connected, you can download/upload/delete contents using simple drag and drop.
Setup FTP Server :: Checking FTP Server using FileZilla Client

So that’s it for the FTP Server for now. I will post any further FTP Server settings in the comments area of this article. Later we will see how to create a website in IIS 7.5.

Gopal Thorve

4 comments
rsdethiya

@Gopal  : I just wanted to ask how client1domain1.com directory was created in ftp folder?

Everything for me worked fine till user login, but after that it is giving errors.

Do post back early.

-Ravi Dethiya

gopalthorve moderator

@rsdethiya Hi Ravi,

1. Create a FTP Root directory anywhere on the system as discussed in this article (Manually).

2. Create a folder named after the windows user created for FTP authentication in the folder created in previous step.

3. Create a virtual directory pointing to the folder created in Step 1.

4. Configure FTP User Isolation.

Follow instructions at http://gopalthorve.com/local-users-local-group-local-security-policies/ and this article.
