[isalist] Re: FTP Delete
- From: "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Thu, 1 Jun 2006 09:06:12 +1000
From what i've read on this stream, this is probably not the case, but since it
seems to be getting to 'Let's try any God Dammed thing" point, I'll throw this
in.
About 18 months ago, we had a similar issue, users could FTP stuff up to the
server, drag it back but no matter what we tried, under any username /
password, deletes would only work from a single PC.
After looking for weeks, and the company hosting the UNIX/FTP server denying
all knowledge of anything, it turned out that the guy who admistered the UNIX
box hosting the FTP server, had allowed delete to occur only if originating
from a specific workstation, this was the workstation of the person who had
originally signed the hosting agreement To this day we are not sure how he got
the wworkstation name, but some how he did, and put this into a allow delete
restriction on the FTP server.
We had them remove that restriction, and everything was back to normal.
From: Jim Harrison
Sent: Thu 01/Jun/2006 08:38
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: FTP Delete
http://www.ISAserver.org
-------------------------------------------------------
Hmm...
Whodathunkit?
:-p
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thor (Hammer of God)
Sent: Wednesday, May 31, 2006 15:10
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: FTP Delete
http://www.ISAserver.org
-------------------------------------------------------
The thing is that she uses the same FTP user account in all instances- when she
logs into the SBS/ISA box as administrator, then FTPs to the SBC server under
the shared FTP user credentials, she can do everything she needs: RWD.
This behavior is the same when she logs in from a "direct" connection not
behind the SBS/ISA box.
However, when she logs in to the SBC FTP site under the same FTP user
credentials from an XP box, either as a normal user or the domain administrator
account, she can RW, but not delete.
This tells me that the traffic from the client is being handled differently
than the traffic from the server. The big question is "why?" It can't be the
FTP filter "read only" because the clients can upload.
So, there is some rule that allows or pre-empts other rules that apply to
LocalHost that don't apply to Internal Network, or there is some proxy config
or something on the client end that horks the works.
At this point, a network trace is in order...
t
On 5/31/06 1:59 PM, "Troy Radtke" <TRadtke@xxxxxxxxxxxx> spoketh to all:
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Have you checked file system permissions? Since we don't know the OS,
> I'm guessing not. That could explain write but not delete privileges,
> regardless of whatever permissions the user has on the FTP software.
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Amy Babinchak
> Sent: Wednesday, May 31, 2006 3:22 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: FTP Delete
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> By server, I meant one of the local servers on site, not the FTP server.
> Sorry for not being clear.
>
> I don't know that OS the FTP server runs. I don't think it matters for
> this issue.
>
> Amy
>
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Young, Gerald G
> Sent: Wednesday, May 31, 2006 4:11 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: FTP Delete
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> What platform is it?
>
> And I didn't quite understand what you meant when you said:
>
> "If administrator logs into the workstation, no delete. If
> administrator logs into the server, then delete works."
>
> Do you mean to say that if a delete is attempted remotely it doesn't
> work but if it's attempted on the server it works fine?
>
> You say that it's the same FTP login credentials for all users.
>
> If it works for you but not someone else, might the restriction be
> based off of source IP?
>
> Cordially yours,
> Jerry G. Young II
> MCSE (4.0/W2K)
> Atlanta EES Implementation Team Lead
> ECNS Microsoft Engineering
> Unisys
>
> 11493 Sunset Hills Rd.
> Reston, VA 20190
> Office: 703-579-2727
> Cell: 703-625-1468
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
> PROPRIETARY MATERIAL and is thus for use only by the intended
> recipient. If you received this in error, please contact the sender
> and delete the e-mail and its attachments from all computers.
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Amy Babinchak
> Sent: Wednesday, May 31, 2006 4:05 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: FTP Delete
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> The FTP site is not a Windows 2003 server.
>
> Amy
>
>
>
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Young, Gerald G
> Sent: Wednesday, May 31, 2006 3:50 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: FTP Delete
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Amy,
>
> If the users are getting a 550 access denied error that indicates to
> me that traffic is passing between the client and server just fine.
> I'd look at the permissions on the particular file that they are
> attempting to delete.
>
> If the server is Windows 2003, you can open up properties on the file
> in question, flip over to the security tab, hit the advanced button,
> then flip to the effective permissions tab, plug in the user in
> question and see what their effective permissions are for that file.
>
> A lot of people will miss specific deny permissions on files, which
> will take precedence over any allow permissions.
>
> Cordially yours,
> Jerry G. Young II
> MCSE (4.0/W2K)
> Atlanta EES Implementation Team Lead
> ECNS Microsoft Engineering
> Unisys
>
> 11493 Sunset Hills Rd.
> Reston, VA 20190
> Office: 703-579-2727
> Cell: 703-625-1468
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
> PROPRIETARY MATERIAL and is thus for use only by the intended
> recipient. If you received this in error, please contact the sender
> and delete the e-mail and its attachments from all computers.
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Amy Babinchak
> Sent: Wednesday, May 31, 2006 3:14 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] FTP Delete
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> I have a client whose FTP site is hosted by SBC. Local users are
> unable to delete files on the FTP site. They get a 550 access denied error.
> We've tried various FTP clients and IE with the same results. All
> local PC's are XP SP2 running the firewall client. SBC insists this is
> a local firewall issue. I'm not seeing it. Anyone think SBC's
> diagnosis has any merit? The only thing that has me questioning myself
> is that if I log onto the server as administrator and attempt to
> delete from the FTP site, I can.
>
> I have loads of successful FTP connections and only 2 denied packets
> in the last 24 hours. They look like this:
>
> Original Client IP Client Agent Authenticated Client Service Server
> Name Referring Server Destination Host Name Transport MIME Type Object
> Source Source Proxy Destination Proxy Bidirectional Client Host Name
> Filter Information Network Interface Raw IP Header Raw Payload Source
> Port Processing Time Bytes Sent Bytes Received Result Code Cache
> Information Log Record Type Log Time Destination IP Destination Port
> Protocol Action Rule Client IP Client Username Source Network
> Destination Network HTTP Method URL Error Information HTTP Status Code
> 70.229.250.114 - SVCTAG-H442T91 -
> TCP - - - -
> - - 1540 0 0 0 0xc0040017
> FWX_E_TCP_NOT_SYN_PACKET_DROPPED 0x0 Firewall
> 5/31/2006 9:25:26 AM 68.142.234.92 21 FTP Denied Connection -
> 70.229.250.114 - Local Host External 0x0 Amy
>
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
