Is it possible to set different permissions on a subfolder of user's home folder?

I've always used active directory user accounts prior to this, and setting permissions is pretty simple.  We have a client who must be able to use key authentication, so I'm setting up a new host that will use user accounts created within the Serv-U app - since Serv-U is unable to do key authentication with active directory accounts.

Here is my challenge - I want the users home folder to be read-only, with two subfolders "Inbound" and "Outbound", and I want the users to have read/write access to the "Inbound" folder.  So I have a user "Test" and it has a home folder F:\Sites\Test.  And in Domain - Users - Domain Users, in the "Test" properties, "Directory Access" tab, I have %HOME% configured for read access (R-----L---I).  Is there a way to add a second line to that, something like %HOME%\Inbound or F:\Sites\Test\Inbound (neither of those work) and set it to read/write, so I can have users logging in & able to write to an inbound folder and read-only to an outbound folder?

Hope someone can point me in the right direction here.  I think beyond that I can knock the rest of this out.

  • If you are adding "Directory Access" permissions, you can untick the "inherit" option on the top level folder (above Inbound and Outbound) and then you can specifiy explicit permissions per folder.

  • Thanks for replying, it reminded me of the thread and that I should share what I learned in case anyone else runs into it.  I did eventually solve this.

    In the user properties, I left the user's directory access settings at %HOME% = RWADN-LCRNI.  That's like wide open read/write access.  And then I modified the NTFS permissions on the site folder like this -

    At the root of the site's home folder, I have "domain admins" with full access.  I removed everything else but left the local "administrators" group and "SYSTEM" with read-only access.  Then inside that root folder I have two subfolders, one for outgoing files and one for incoming files.  The folder for outgoing files I left the same as the root.  That gives the external user read-only access.  The incoming folder, where the external user will upload, I bumped "SYSTEM" up to read/write (I left the local "administrators" group at read-only and everything works exactly how I need it to work.  It is possible I don't need that local "administrators" group in there at all.  I'll fiddle with that someday when I have time).

    Short story - It IS possible to affect folder permissions using NTFS access settings for Serv-U user accounts.  If you can't use active directory user accounts because you need to deploy key authentication, there is a way to make it happen.

  • Thanks , changing the NTFS permissions will affect the whole of serv-u rather than specific users in it, so I would not generally recommend it. However if you have a very specific setup and all users have this same permissions requirement I can see why it would work.

    If you need more users with different permissions, try my solition above as it will give you a lot more control and flexibility and be able to manage it through serv-u rather than lower level NTFS permissions.