Additional FTP user cannot download a file uploaded through PHP script.

Created:

2016-11-16 12:52:37 UTC

Modified:

2017-08-08 13:32:17 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Additional FTP user cannot download a file uploaded through PHP script.

Applicable to:

  • Plesk 12.0 for Windows

Symptoms

  1. Additional FTP cannot download a file uploaded through PHP script.
  2. Subscription's system user can download it without issues via FTP.

Cause

Insufficient permissions for additional FTP user on an uploaded file

Resolution

When .php script is being processed by IIS, it creates files under a domain's pool identity user. Downloading of the files under the main user (subscription's system user) is possible because uploaded files has psacln group added to its security settings and main user is a member of such group. So, this is an expected behavior.

To make uploaded files available for downloading by additional FTP accounts .php script should set proper permissions for these ones.

For example, make uploaded file to inherit permissions from its new location using PHP's exec() function:

    exec( 'icacls "uploaded_image_file" /q /c /reset' );

Since additional FTP user added to security settings for %plesk_vhosts%\\example.com\\httpdocs\\uploaded_files folder, after resetting permission it will be downloadable for this user.

It works like as below:

    C:\\Inetpub\\vhosts\\example.com\\httpdocs\\uploaded_files>icacls "uploaded_file.txt"
uploaded_file.txt WIN-11111111111\\IWAM_plesk(default):(I)(F)
WIN-11111111111\\psaserv:(I)(R)
WIN-11111111111\\psacln:(I)(R)
WIN-11111111111\\psaadm:(I)(R)
BUILTIN\\IIS_IUSRS:(I)(S,RD)
NT AUTHORITY\\SYSTEM:(I)(F)
BUILTIN\\Administrators:(I)(F)

C:\\Inetpub\\vhosts\\example.com\\httpdocs\\uploaded_files>icacls "uploaded_file.txt" /q /c /reset

C:\\Inetpub\\vhosts\\example.com\\httpdocs\\uploaded_files>icacls "uploaded_file.txt"
uploaded_file.txt WIN-11111111111\\additional_ftpuser:(I)(R,W,D,DC)
NT AUTHORITY\\SYSTEM:(I)(F)
WIN-11111111111\\systemuser:(I)(F)
WIN-11111111111\\IWPG_systemuser:(I)(F)
BUILTIN\\Administrators:(I)(F)
Have more questions? Submit a request
Please sign in to leave a comment.