To modify access permissions for the files and folders of your Windows 2008 Web site you can use "Web\FTP Server > Access Permissions" HostPilot page.
The interface provides you options to set the specific permissions for the separate users (from "User Permissions" tab) and for the groups of users (on "Group Permissions" tab). You can change Read and Write permissions for all the site users that were created the same way as for the groups of users they belong to.
To make the process of updating Web site access permissions more flexible and to increase the overall performance of the operations we have enabled file permissions propagation for the account root folder. It means that all the permissions that were set for some folder on your account will be automatically pulled by all the sub-folders of that folder.
In the first "Inherited" column you can see the default permissions that were pre-set as a result of propagation from the parent folder.
Using the second "Explicit" column you can override the inheritance to either Allow or Deny users Read or Write access for the selected folder. Leaving the drop-down list in "Inherit" state means that the same propagated permissions will be set for the user.
The third "Effective" column shows the permissions that will be set as a result of propagation and the modifications made in the "Explicit" column.
As you found that Effective permissions list represents the access rights that should be given for your site users you can press "Save Changes" button to update the folder settings.
It is also possible to set the permissions for the entire groups of users. To switch to group permissions edit mode press the "Group Permissions" button.
When the new Windows 2008 account is set up there are 3 groups of users created automatically:
AllUsers - All the Site\FTP users that are created on the account are automatically added to this group. By default this group does not have any access permissions configured, so you may need to make sure that AllUsers group and the new user you add has proper access permissions set for the required folders of the Web site.
IIS_WPG - Web server Anonymous user and Applicartion Pool users belong to this group.
WebMasters - This is the special group for the users that have additional provileges on the account (like connecting to the server with IIS Remote Manager). Initially only the account System user is listed in the group, please refer to the article #1693 to find out how to make an additional user to be a member of the WebMasters group.
Please note that group access permissions take precedence over the end-user permissions. It means that if some folder has Deny Write access set for the specific group, it becomes not possible to Allow Write for the users of that group (you will see a grey "X" in the "Inherited" column indicating that). Still you should be able to set any needed access permssions for the sub-folders.
Please also note that due to the security restrictions of the shared invoronment it is not possible to create any additional groups for the Web site.
|
