Rotten mud: Share AD and Server-U integration permission Control

This article was sponsored by 51cto.com and first launched in the dark world.

Solemnly declare that this blog cannot be reposted on any website without my permission.

A few days ago, I shared an article about AD and Server-U integration. I will introduce it specially today. AD and Server-U permission control issues. In fact, the permission control through AD is still very inaccurate. It should be said that the permission is controlled through the NTFS file system. AD only controls the account.

As I mentioned in the previous article, the "Directory Access" permission Control for organizations in Server-U is superimposed on NTFS permission control. now it seems that the conclusion was somewhat arbitrary, because there are other things involved in the middle. NFTS permission settings, root directory settings, and Access Directory settings. Next we will introduce it.

Scenario 1: The NFTS permission has been configured. the root directory of the Organization has been configured, but the Access Directory has not been set.

650) this. width = 650; "style =" background-image: none; border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; "title =" clip_image001 "border =" 0 "alt =" clip_image001 "src =" http://www.bkjia.com/uploads/allimg/131228/0223495L0-0.png "height =" 380 "/>

650) this. width = 650; "style =" background-image: none; border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; "title =" clip_image003 "border =" 0 "alt =" clip_image003 "src =" http://www.bkjia.com/uploads/allimg/131228/02234aY9-1.jpg "height =" 326 "/>

NFTS permission set

650) this. width = 650; "style =" background-image: none; border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; "title =" clip_image005 "border =" 0 "alt =" clip_image005 "src =" http://www.bkjia.com/uploads/allimg/131228/0223492Z9-2.jpg "height =" 316 "/>

The root directory of the highest organization in the organization has been set.

650) this. width = 650; "style =" background-image: none; border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; "title =" clip_image007 "border =" 0 "alt =" clip_image007 "src =" http://www.bkjia.com/uploads/allimg/131228/0223494160-3.jpg "height =" 203 "/>

Directory Access for level-2 organizations is not configured

FTP access is as follows:

650) this. width = 650; "style =" background-image: none; border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; "title =" clip_image009 "border =" 0 "alt =" clip_image009 "src =" http://www.bkjia.com/uploads/allimg/131228/0223496254-4.jpg "height =" 550 "/>

We can clearly see that the user "erxian1" is a directory that can be configured normally for a period of time. Now we try to create or delete files or folders in this directory.

650) this. width = 650; "style =" background-image: none; border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; "title =" clip_image011 "border =" 0 "alt =" clip_image011 "src =" http://www.bkjia.com/uploads/allimg/131228/02234a136-5.jpg "height =" 368 "/>

As you can see, when we try to rename the folder, the system prompts that we have no permission to operate the folder. When creating a folder, the system prompts the following:

650) this. width = 650; "style =" background-image: none; border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; "title =" clip_image012 "border =" 0 "alt =" clip_image012 "src =" http://www.bkjia.com/uploads/allimg/131228/022349AJ-6.png "height =" 305 "/>

From the above facts, we can see that we cannot perform various operations in this directory. Now, we will grant the "Directory Access" permission to the level-2 Organization to see how to grant all its permissions ).

650) this. width = 650; "style =" background-image: none; border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; "title =" clip_image014 "border =" 0 "alt =" clip_image014 "src =" http://www.bkjia.com/uploads/allimg/131228/0223494M9-7.jpg "height =" 460 "/>

Now we can access and operate the folder again, for example:

650) this. width = 650; "style =" background-image: none; border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; "title =" clip_image015 "border =" 0 "alt =" clip_image015 "src =" http://www.bkjia.com/uploads/allimg/131228/02234954B-8.png "height =" 249 "/>

650) this. width = 650; "style =" background-image: none; border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; "title =" clip_image016 "border =" 0 "alt =" clip_image016 "src =" http://www.bkjia.com/uploads/allimg/131228/0223496455-9.png "height =" 279 "/>

Scenario 2: The NFTS permission is configured and the Access Directory of the level-2 organization is configured, but the highest root directory of the organization is set.

650) this. width = 650; "style =" background-image: none; border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; "title =" clip_image017 "border =" 0 "alt =" clip_image017 "src =" http://www.bkjia.com/uploads/allimg/131228/0223491H4-10.png "height =" 253 "/>

650) this. width = 650; "style =" background-image: none; border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; "title =" clip_image019 "border =" 0 "alt =" clip_image019 "src =" http://www.bkjia.com/uploads/allimg/131228/0223492Q0-11.jpg "height =" 334 "/>

After you log on to FTP, you will find that one cannot log on, for example:

650) this. width = 650; "style =" background-image: none; border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; "title =" clip_image020 "border =" 0 "alt =" clip_image020 "src =" http://www.bkjia.com/uploads/allimg/131228/02234922N-12.png "height =" 376 "/>

We can summarize the above two cases. The integration permissions of AD and Server-U must be considered in two aspects. The first is the access permission of the directory, the second is the operation permission of the directory, and the third is the premise that you can log on to FTP, that is, you must set the root directory of the Organization, otherwise, you cannot log on to FTP. When setting permissions, we can perform special settings as needed.

This article from the "muddy world" blog, please be sure to keep this source http://ilanni.blog.51cto.com/526870/1151100