Procedure for running the Serv-u ftp server software with normal Permissions

By default, Serv-U runs with the SYSTEM permission. Serv-U has a default Management User (username: localadministrator, password: #|@$ ak #. | k; 0 @ p). An account that can access the local port 43958 may add or delete accounts and execute commands with the SYSTEM permission.
 
After modifying the account number and password of the Management Terminal of serv-u, the modified content is retained in the servudaemon.exe file. Therefore, it is possible to obtain the modified port, account, and password using the hexadecimal editing software such as Ultra Edit after downloading.
 
Through the operation method of this article, the Serv-U.exe runs with common Custom User Permissions, even through Serv-U command execution is only normal user permission in the execution of the command, can prevent malicious Elevation of Privilege operations.
 
Because there are many operation steps and they are complicated, please test them first and then set them on the server. If you have any questions, contact our Customer Service staff at www.zcnt.com.
 
 
 

• Open WindowsTask Manager, view Serv-U.exeRunning user permissions

 
As shown in, if the SYSTEM user is displayed, the SYSTEM permission is running, which is very dangerous.







 
2 , Set Serv-U Run with common user permissions to create a user Serv-U_user





Select only two options.
(1) The user cannot change the password
(2) password does not expire
 

After a user is created, the user is added to the Users group by default. Modify the user attributes and cancel the Users Group.
 

Select Users and delete
 
 


In this way, new users are not added to any group.
 
 
3 Modify Serv-U NTFS in the installation directory Permission
 
Suppose we install the Serv-U software in the D: \ Serv-U directory, modify this directory, and only retain
(1) full control of Administrators
(2) Full SYSTEM Control
(3) full control of Serv-U_user
If you have other user permissions, delete them.





 
 
 

Other permissions may appear here, except the two
(1) full control of Administrators
(2) Full SYSTEM Control
All other permissions are deleted.
 
The directory cannot be deleted because it inherits the permissions of the parent directory. Click "advanced" to cancel the inherited permissions.
 



 
 












Now you can delete it.
 





Delete the user. Only the following two permissions are retained.
(1) full control of Administrators
(2) Full SYSTEM Control
 
Click Add to add the Serv-U_user user






 

Select a Serv-U_user user, click full control to grant full control to the Serv-U_user user

4 To Serv-U , D Disk Serv-U_user Add the "read permission" permission




In the drive D attribute, we only have two permissions.
(1) full control of Administrators
(2) Full SYSTEM Control
If you have other permissions, retain them, such as MySQL, and do not delete them to prevent other programs from running.
 
Here we only add one permission. Click "advanced"
 





 


Select only the following two options.
(1) only the folder
(2) read permission
 
Note: Do not select the two places correctly. Not the "read data" permission
 
 
5 Set Serv-U The startup user, modified to Serv-U_user User Startup




If Serv-U is running, click "stop" to stop Serv-U first.
 



Select this account, enter the Serv-U_user and password, and then click OK.
 

Here the Serv-U_user user is automatically granted the service LOGIN permission, do not manually join.
 
 

Click Start to start Serv-U.
 
 

Open the Windows Task Manager and we see that the Serv-U.exe is already running in the Serv-U_user user.
 
 
The Serv-U part has been configured.
 
Note
 
For earlier versions of Serv-U , FTP The logon username and password may be stored in the registry. HKEY_LOCAL_MACHINE \ SOFTWARE \ Find Serv-U And assign the Serv-U_user Read and write permissions. Otherwise, Serv-U It may not be able to read or write.
 
 
6 Modify the FTP server NTFS Permission
 
Since the previous Serv-U is the SYSTEM permission is running, now after downgrading the custom Serv-U_user user, this user can not read and write the FTP directory, it can not FTP upload download file, you need to grant full control of the Serv-U_user to the Server FTP directory so that Serv-U can read and write and FTP upload files.
 
Assume that the FTP home directory is D: \ home.
 
Note:
If the FTP directory is another directory, such as disk F, you need to add a Serv-U_user user's "read permission" to disk D. For the setup steps, see the instructions in step 1 above.
 

Grant Serv-U_user full control of this directory
 
 

For specific website FTP directory, for example, the client web111 FTP directory, on the basis of the original add Serv-U_user full control, so that Serv-U can read and write web111 directory.
 
If you are using virtual host management software, when you activate the space, while adding Serv-U_user users with full control of permissions.
 
 
7 Disable Windows Disk Quota for Serv-U_user Restrictions on hard disk space used by users




 
If the disk quota limit is enabled, remove the quota limit for Serv-U_user users to avoid File Upload failures over FTP.