This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Is it possible to set different permissions on a subfolder of user's home folder?

I've always used active directory user accounts prior to this, and setting permissions is pretty simple.  We have a client who must be able to use key authentication, so I'm setting up a new host that will use user accounts created within the Serv-U app - since Serv-U is unable to do key authentication with active directory accounts.

Here is my challenge - I want the users home folder to be read-only, with two subfolders "Inbound" and "Outbound", and I want the users to have read/write access to the "Inbound" folder.  So I have a user "Test" and it has a home folder F:\Sites\Test.  And in Domain - Users - Domain Users, in the "Test" properties, "Directory Access" tab, I have %HOME% configured for read access (R-----L---I).  Is there a way to add a second line to that, something like %HOME%\Inbound or F:\Sites\Test\Inbound (neither of those work) and set it to read/write, so I can have users logging in & able to write to an inbound folder and read-only to an outbound folder?

Hope someone can point me in the right direction here.  I think beyond that I can knock the rest of this out.

  • If you are adding "Directory Access" permissions, you can untick the "inherit" option on the top level folder (above Inbound and Outbound) and then you can specifiy explicit permissions per folder.

  • Thanks for replying, it reminded me of the thread and that I should share what I learned in case anyone else runs into it.  I did eventually solve this.

    In the user properties, I left the user's directory access settings at %HOME% = RWADN-LCRNI.  That's like wide open read/write access.  And then I modified the NTFS permissions on the site folder like this -

    At the root of the site's home folder, I have "domain admins" with full access.  I removed everything else but left the local "administrators" group and "SYSTEM" with read-only access.  Then inside that root folder I have two subfolders, one for outgoing files and one for incoming files.  The folder for outgoing files I left the same as the root.  That gives the external user read-only access.  The incoming folder, where the external user will upload, I bumped "SYSTEM" up to read/write (I left the local "administrators" group at read-only and everything works exactly how I need it to work.  It is possible I don't need that local "administrators" group in there at all.  I'll fiddle with that someday when I have time).

    Short story - It IS possible to affect folder permissions using NTFS access settings for Serv-U user accounts.  If you can't use active directory user accounts because you need to deploy key authentication, there is a way to make it happen.

  • Thanks , changing the NTFS permissions will affect the whole of serv-u rather than specific users in it, so I would not generally recommend it. However if you have a very specific setup and all users have this same permissions requirement I can see why it would work.

    If you need more users with different permissions, try my solition above as it will give you a lot more control and flexibility and be able to manage it through serv-u rather than lower level NTFS permissions.