Configuring your FTP site on IIS 5.0 is a snap
Editor's Note: Each month, this column discusses various aspects of the advanced administration of e-business sites. This month's column examines configuring FTP servers on IIS 5.0 and how you can easily leverage the power of Microsoft FTP Server on Win2K.
When you install Windows 2000 Server, Win2K Advanced Server, or Win2K Datacenter Server, IIS creates a default FTP site. As it can with Web servers, IIS can host several FTP servers on one Win2K server. One computer running Win2K Server and hosting multiple FTP sites simultaneously gives the appearance of being several computers. In addition, each FTP site can host more than one domain name. Because an FTP site mimics the appearance of an individual computer, the sites are sometimes called virtual FTP servers.
In this issue, I show you how to set up and configure an IIS FTP server and publish information to your FTP site. To execute the tools, tips, and tricks that I show you in this article, you need access to Win2K Server, Win2K AS, or Datacenter with IIS 5.0 installed.
Configuring the FTP Server
FTP is the protocol used to copy files to and from remote computer systems that use TCP/IP; it's also the transport mechanism that many (if not most) of the content-management solutions on the Internet use. This protocol lets you use FTP commands (or programs) to work with files (e.g., listing files) and directories on the remote system.
The default FTP server that IIS 5.0 installs is preconfigured and ready to go with Anonymous access immediately after installation. Just as Web servers use TCP port 80 by default, FTP servers use TCP port 21 to respond to requests. If your network has a name-resolution system (typically DNS), then visitors can type ftp:// followed by your site's DNS name in the address bar of their browsers or FTP clients to reach your site (e.g., ftp://ftp.microsoft.com). If your network doesn't have a name-resolution system, visitors must type ftp:// and your server's numerical IP address. Command-line users can use standalone command-line FTP programs that are available on many platforms and OSs, including Windows.
Anonymous FTP access is an authentication mechanism identical to that of Anonymous authentication for the IIS 5.0 Web server. Because IIS 5.0 uses the IUSR_computername account to provide anonymous access, users can connect to your FTP server without having to provide usernames and passwords (with the exception of a username of Anonymous and an email address as a password). You can always specify a different account for anonymous access and restrict access to resources that use NTFS permissions. Note that even when you enable Basic authentication, Anonymous authentication always takes precedence, and the IIS 5.0 FTP server will use it first.
Let's sift through some common configuration items that you'll most likely establish on your FTP server. These items include setting informational messages that give users details about the site when they connect to it, limiting FTP site access, and designating write privileges.
Setting informational messages. Informational messages can take the form of a greeting message that welcomes users to the FTP site when they first log on and an exit message that users see when they log off. To set such messages, open the Microsoft Management Console (MMC) Internet Information Services snap-in, right-click Default FTP Site, then select Properties. Click the Messages tab, which Figure 1 shows, and type a Welcome message and an Exit message. You can also enter a Maximum Connections number to limit the number of connections to your FTP server. Now when users connect to your FTP site, they receive a welcome message, and when they log off, they see a good-bye message.
Limiting FTP site access. When you click the Security Accounts tab on the Default FTP Site Properties dialog box, you see that the Allow Anonymous check box is selected. Enabling this option lets users anonymously authenticate on your site. If you want to extend FTP access to domain users only, clear this check box and make sure user accounts exist for each person you want to authenticate.
Designating write privileges. On the Home Directory tab of the Default FTP Site Properties dialog box, which Figure 2 shows, you can see that by default, IIS doesn't extend write privileges to users of your FTP site. If you want to let users on your FTP site copy files to your site, you need to select the Write check box. Write privileges on multiple FTP sites on one server, combined with removing Anonymous authentication, are the heart and soul of many Web site content-management solutions for application service providers (ASPs) and ISPs.
One of the main drawbacks of using FTP as a content-management solution in secured sites is that you lose file permissions (e.g., ACLs) and attributes in the transfer. For example, if you secure a Web page by applying ACLs to it while the page is on your development or staging server, then use FTP to copy that file to a production server, you lose the file permissions in the process. Content Replication System (CRS), which shipped with Microsoft Site Server 3.0 and now ships in Microsoft Application Center 2000, overcomes the problem by retaining file permissions and attributes when you copy files. CRS employs a file-transfer mechanism similar to FTP, but because CRS has superior capabilities, Microsoft uses it extensively internally for content management.
FTP Tips and Tricks
You can make your FTP site more feature-rich than most FTP sites on the Internet. To do so, try these three tips when you configure your site. (I found the last two tips in the Microsoft Developer Network (MSDN) Library.)
Tip 1: Add Custom Messages
The FTP service supports annotating a directory with custom messages when a user navigates to that folder. This annotation text resides in a special text file called ~ftpsvc~.ckm, which you create in the directory you want to annotate. If this file exists in the target directory when an FTP user navigates to it (a Change Directory, or CWD, FTP operation), the FTP service responds by displaying the contents of this file. By default, the FTP service is configured not to send annotation text. If you choose to add a custom message, you need to also create the annotation file. I recommend that you make the annotation file a hidden file so that it doesn't appear on a directory listing.
The FTP service maintains many of its parameters in the Win2K registry. To turn on annotation text on your FTP server, use regedit to add the AnnotateDirectories parameter with a value of 1. Drill down to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters registry subkey. Right-click Parameters, select New, then select DWORD Value to add a REG_DWORD value for AnnotateDirectories. Name the REG_DWORD value AnnotateDirectories, then double-click it to show its properties. Change the Value Data field from 0 to 1. After you complete these steps, your registry subkeys for FTP parameters will look like the example that Figure 3 shows.
Next, create a folder on your FTP site (the default folder is \inetpub\ftproot; I called my folder \timh). Use Notepad to create the ~ftpsvc~.ckm file in that folder. On my Win2K server, the absolute path to this file is C:\inetpub\ftproot\timh\~ftpsvc~.ckm. Type a message for the contents of the file, and save it. I entered the text Hello and welcome to this special folder on my FTP site! as the contents of my file.
Now, use any FTP client to connect to your site. To use the command-line-based FTP client, follow these steps:
- Open a command prompt, and type FTP localhost
- Log on as Anonymous, then type your email address as a password.
- Type CD for change directory to the folder you created that contains the annotation text file. (In my case, I typed CD timh.)
The custom annotation text appears in a format similar to that in Figure 4.
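To confirm from the client side what the site shows an anonymous visitor, the following Python code (an added example, not part of the original column) logs on with ftplib and collects the welcome and annotation text. It assumes the server sends that text as continuation lines of the 230 and 250 replies; the function names and sample replies are constructed for illustration.

```python
import ftplib

# Constructed sample replies in the shape ftplib returns them (lines joined by "\n").
SAMPLE_LOGIN_REPLY = "230-Welcome to the FTP site\n230 Anonymous user logged in."
SAMPLE_CWD_REPLY = ("250-Hello and welcome to this special folder on my FTP site!\n"
                    "250 CWD command successful.")


def split_reply(reply):
    """Return (code, message_lines, status_text) for an FTP reply string."""
    lines = reply.split("\n")
    code = lines[0][:3]
    messages = []
    for line in lines[:-1]:              # every line before the final status line
        if line.startswith(code + "-"):  # continuation lines may repeat the code
            line = line[4:]
        if line.strip():
            messages.append(line.strip())
    return code, messages, lines[-1][4:]


def anonymous_view(ftp, folder):
    """Report what an anonymous visitor is shown at login and on CWD to folder.

    ftp is a connected ftplib.FTP, e.g. ftplib.FTP("localhost").
    """
    report = {"anonymous": False, "welcome": [], "annotation": []}
    try:
        login_reply = ftp.login()        # ftplib defaults to user "anonymous"
    except ftplib.error_perm:            # 5xx reply, e.g. anonymous logons refused
        return report
    report["anonymous"] = True
    report["welcome"] = split_reply(login_reply)[1]
    try:
        report["annotation"] = split_reply(ftp.sendcmd("CWD " + folder))[1]
    except ftplib.error_perm:            # folder missing or not readable
        pass
    return report


if __name__ == "__main__":
    print(split_reply(SAMPLE_LOGIN_REPLY))
    print(split_reply(SAMPLE_CWD_REPLY))
```

If the report shows anonymous as True on a site where you cleared the Allow Anonymous check box, or annotation text in a folder you did not intend to annotate, recheck the Security Accounts tab and the AnnotateDirectories value.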
Eduardo Gusmao August 23, 2002