Filezilla settings folder - Windows security problem (NTFS)

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
Sendman
500 Command not understood
Posts: 5
Joined: 2022-05-04 12:50

Filezilla settings folder - Windows security problem (NTFS)

#1 Post by Sendman » 2022-05-04 13:18

Hi there,

i'm working at a school in italy an we installed the filezilla client on all clients. we created a fzdefaults.xml with these settings:
<FileZilla3>
<Settings>
<Setting name="Disable update check">1</Setting>
<Setting name="Config Location">$USERPROFILE/Documents/Filezilla/Config</Setting>
<Setting name="Cache directory">$USERPROFILE/Documents/Filezilla/Cache</Setting>
</Settings>
</FileZilla3>
For all of our users (Windows Domain with Windows 10 Clients - both x64) we create a folder "Filezilla" with 2 subfolders "Config" and "Cache" located in the userprofile. So our problem is this:
    Both the subfolders "Config" and "Cache" are created but without the NTFS Windows Security Settings that we have on the profile folder. There is only the current user with "Full Control" access but nothing more. normally there should be the administrator group with "Full Control" too. Not to mention the "System", "Creator Owner" and "Domain Administrator" Groups.

    An example:
    User "Rossi, Mario" use the software. The folders "Config" and "Cache" are created. If i check the security tab on both the folders with an domain administrator user account i got "You have been denied permission to access this folder. To gain access to this folder you will need to use the security tab." I open the tab and i need to click on the advanced button. then the continue button. I don't see anythine because i need to change the owner (you do not have permission to view this object's security permissions, even as administrative user). So i do that. Now i can see the permissions. The only entry is for user "Rossi, Mario" who has "Full control" on "This folder only". Not inherited. Why is that so?
    All other subfolders for "Documents" get the security settings inherited.

    Colbey32
    500 Command not understood
    Posts: 1
    Joined: 2022-05-12 17:16
    First name: Isaac
    Last name: Zenger

    Re: Filezilla settings folder - Windows security problem (NTFS)

    #2 Post by Colbey32 » 2022-05-12 17:27

    I would like to know the answer to this too. I've got Filezilla installed on multiple PC's on our domain.

    I've recently noticed that Filezilla will install (I'm using the switch /users=all) to install the Filezilla client for all users. However the problem is once the first user opens Filezilla, it then creates a root folder c:\filezilla where filezilla.xml, layout.xml and queue.sqlite3 files get put.

    Checking the security of that folder, Filezilla automatically puts the first user (let's call this user User A) as the only user that can modify anything in that folder and sets the folder owner to that user as well. Manually installing (instead of doing a silent install push) and selecting the all users option still has the same behavior. I don't recall this ever being an issue before on the PCs that are shared but at some point in the past, this behaviour has started.
    Once User A logs out of the PC and User B logs in, when B tries to open filezilla, it takes forever for the program to load and then it keeps popping up with the error can't write xml file for filezilla.xml and also an error that it can't read/modify queue.sqlite3.

    I'm using the latest Filezilla client 3.59, Windows 10 21H2 and also Windows 11 21H2 (both with the latest may 2022 cumulative update installed).

    The only way to enable all users to actually use the program correctly is to then manually change the security/owner of the folder to what it should be and then make sure that our domain users group is added and allowed to modify the contents.

    Is this behaviour as designed or is this something that will be fixed in a future release of the client?

    User avatar
    botg
    Site Admin
    Posts: 35491
    Joined: 2004-02-23 20:49
    First name: Tim
    Last name: Kosse

    Re: Filezilla settings folder - Windows security problem (NTFS)

    #3 Post by botg » 2022-05-13 08:06

    However the problem is once the first user opens Filezilla, it then creates a root folder c:\filezilla where filezilla.xml, layout.xml and queue.sqlite3 files get put.
    Either you manually configured FileZilla to save its config files there, or there is something quite broken with your Windows user accounts.

    Settings files and the likes must go into user-specific directories. Typically that is a location within their home directory.

    Sendman
    500 Command not understood
    Posts: 5
    Joined: 2022-05-04 12:50

    Re: Filezilla settings folder - Windows security problem (NTFS)

    #4 Post by Sendman » 2022-05-23 12:37

    hi,

    in my case there are user-specific directories. nonetheless the problem remains. user "rossi, mario" has his own filezilla folder (example h:\documents\filezilla - it's on our fileserver). the other users too. but only the user himself can access it. no administrator or system. and that's my problem. all the other folders present have the ntfs rights inherited from "h:\documents" but only the filezilla folder doesn't. why?

    User avatar
    botg
    Site Admin
    Posts: 35491
    Joined: 2004-02-23 20:49
    First name: Tim
    Last name: Kosse

    Re: Filezilla settings folder - Windows security problem (NTFS)

    #5 Post by botg » 2022-05-23 13:15

    It's specifically written to create the directories this only for the current user, to prevent others users from accessing sensitive data such as stored password.

    Sendman
    500 Command not understood
    Posts: 5
    Joined: 2022-05-04 12:50

    Re: Filezilla settings folder - Windows security problem (NTFS)

    #6 Post by Sendman » 2022-05-24 09:40

    hi,

    ok. but then i have this problem. if a students leaves/quits/finish the school all of the user data must be removed (over 300 per year). we use a script for this and it works like a charm. but with the ntfs folder rights for this user only our scripts doesn't work anymore. the script can't access/delete the folder (....\Rossi-Marco\Documents\Filezilla - access denied).

    User avatar
    boco
    Contributor
    Posts: 26899
    Joined: 2006-05-01 03:28
    Location: Germany

    Re: Filezilla settings folder - Windows security problem (NTFS)

    #7 Post by boco » 2022-05-24 20:42

    If you are Administrator and are running the script with admin privileges, can't the script just "takeown" the directory, add "Administrators" group with full rights, then delete it?
    ### BEGIN SIGNATURE BLOCK ###
    No support requests per PM! You will NOT get any reply!!!
    FTP connection problems? Please do yourself a favor and read Network Configuration.
    FileZilla connection test: https://filezilla-project.org/conntest.php
    ### END SIGNATURE BLOCK ###

    Sendman
    500 Command not understood
    Posts: 5
    Joined: 2022-05-04 12:50

    Re: Filezilla settings folder - Windows security problem (NTFS)

    #8 Post by Sendman » 2022-05-25 15:03

    hi,

    so i created a simple ps-script to enable permission inheritance on the filezilla folders.
    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    $filezillafolders = Get-ChildItem -path "D:\Data" -Directory -Recurse -Force | Where-Object {$_.Name -match "Filezilla"} -ErrorAction SilentlyContinue

    Foreach ($folder in $filezillafolders) {

    $NewAcl = Get-Acl $folder.FullName

    # Enable Inheritance
    $NewAcl.SetAccessRuleProtection($false,$true)
    Set-Acl -Path $folder.FullName -AclObject $NewAcl

    }
    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    if anyone wants to use it change the -path parameter.

    example: on my server the user data are located under "D:\Data" (D:\Data\Students\user01\Documents\Filzilla or D:\Data\Teachers\user02\Documents\Filezilla). the script searches for folders named "Filezilla" and then enables the inheritance. without the parameter -erroraction the scripts generates an error for each filezilla folder found because if a user starts filezilla only the user has access to this folder. and with the search access denied errors are generated.

    imho:
    a program should always use the user rights that are set.

    Sendman
    500 Command not understood
    Posts: 5
    Joined: 2022-05-04 12:50

    Re: Filezilla settings folder - Windows security problem (NTFS)

    #9 Post by Sendman » 2022-05-26 06:20

    Replace

    $filezillafolders = Get-ChildItem -path "D:\Data" -Directory -Recurse -Force | Where-Object {$_.Name -match "Filezilla"} -ErrorAction SilentlyContinue

    with

    $filezillafolders = Get-ChildItem -path "D:\Data" -Directory -Recurse -Force -Filter "Filezilla" -ErrorAction SilentlyContinue

    Post Reply