I'm running Filezilla server on my dedicated windows 2003 server.
It uses its own user-access control system.
The Filezilla server service itself is running under the System user.
When I setup users within the FTP Server Administrator Interface, I do not need to setup equivalent users, or adjust permissions on folders to allow users to login.
Example:
- I setup TestFTP user with password 'p'
- I set the home directoy of TestFTP user to be e:/website
- I verify that e:/website only has permission for the System and Admin accounts (right click -> security in windows explorer)
TestFTP is able to login to the server just fine.
I'm OK with this (perhaps due to ignorance?).
Is it generally frounded upon to utilize a FTP Server such as FileZilla Server that bypasses the built-in UAC in this method?
If I wasn't clear enough, please let me know.
Filezilla has its own built in security layer to allow you to create users within the software rather than depending on existing Windows accounts. I use this on several servers and have tested it pretty thoroughly and found no problems with this approach. Keep in mind that it doesn't mean TestFTP suddenly has the same access to the hard drive as the LocalSystem user does - Filezilla security prevents that.
If you're uncomfortable with this arrangement, IIS is probably more suited for your needs.