Hi, I'm currently trialing Tectia 6.2 Server for Windows and I'm running into an "undesired behavior" when connecting by SFTP.

Basically I'm trying to present a single directory as the default home directory for all users (e.g. C:\FTP-TEST), I want the users to have no visibility of any directories other than the "C:\FTP-TEST" and I need this directory to be presented as their "/".

The only way I've managed to get this partially working is by configuring the home directory as "C:\FTP-TEST" and creating a virtual folder that points to the root of C:\, but the user can CD into this virtual folder and see the directory structure of C:\ (which is unacceptable to me).

Is there any way of giving visibility of the "C:\FTP-TEST" folder only and having the user "cd'd" into this folder upon login?

I've provided a truncated output of my configuration below:

attribute name="virtual-folder" value="root=C:\"
attribute name="home" value="C:\FTP-TEST\"


Thanks in advance.

asked Mar 20 '12 at 13:53

PLAR
3226

edited Mar 20 '12 at 14:00


Hi Plar,

You have been only one little step from what you desire. Just define your only virtual folder to be the same as the home folder:

attribute name="virtual-folder" value="root=C:/FTP-TEST/"
attribute name="home" value="C:/FTP-TEST/"

And you will get what you want. Users will only see their home, which is the same as:

/root/

Don't ask me why the configuration is so strange, I didn't design it. But it works. I hope it helps.

With regards,

Martin

answered Mar 20 '12 at 15:41

Martin Dobsik ♦
599126

Additionally, to easily jail each end user into their individual SFTP home directory, you can use a thing called special strings:

  • %username% (user's login name)
  • %username-without-domain% (user's login name without the domain part)
  • %homedir% (user's home directory)
  • %hostname% (the name of the host the user is logging from, reverse mapped from the IP)

attribute name="virtual-folder" value="root=C:/FTP-TEST/%username-without-domain%"
attribute name="home" value="C:/FTP-TEST/%username-without-domain%"

I guess a picture will tell you more than a thousand words :D

  • Users for each group (Customer1-Authentication, Customer1-Services) are being defined under the "Selectors" tab, each Tectia group will have its own selectors
  • Here, the Customer1-Services group will allow SFTP access to only those folders which are listed in the virtual folder list (3x), the default landing directory (home) being configured as D:\users\SFTP\Customers\%username-without-domain%
  • Customer1-Services group's end users are automatically jailed into those defined SFTP folders and they cannot move outside that jail
  • Under Customer1-Authentication, I have defined how these particular Customer1 end users can authenticate themselves (you can create a mapping between authentication groups and service groups by using a thing called "Set Services Group" (you can find it under authentication group settings -> "Selector" settings))

You can also have simpler configurations, e.g. this:

  • Here each Tectia service group (i.e. SFTP-for-Group6, the selected one) will have its own "Selectors" tab where I have configured which users will go to which service group.
  • These Tectia groups are processed in top-down order and the default group at the end (called "default") will just deny all activities.


Hopefully this helps!

-- SamiM

answered Mar 20 '12 at 18:24

Sami Marttinen ♦
191114

Thanks to both Martin & Sami for your answers. They were extremely helpful and much appreciated.

answered Apr 04 '12 at 17:06

PLAR
3226

Hi,

Where to define virtual folder same as root folder?

answered Apr 20 '12 at 13:20

jaiekawa
1111

Currently there doesn't seem to be a way to force the SFTP root folder to be the actual virtual folder. We always seem to have that empty root "/" folder there, and all virtual folders from the virtual folder listing are then sub-folders in that root directory. But you could easily achieve almost the same thing just by setting up the default SFTP landing directory:

  1. Define "Custom" User Home Directory
  2. Include this "Custom" home directory also in the virtual folder listing
  3. The end user should now land automatically into that special home directory specified in the "Custom" field.

answered Aug 28 '12 at 19:04

Sami Marttinen ♦
191114
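
An added example (not part of the answers above and not Tectia's own tooling): a small Python check that expands the %username% and %username-without-domain% special strings for one login, then flags a virtual folder that maps to a whole drive and a home directory that no virtual folder covers. It assumes the attribute lines have the form quoted in this thread and that the domain part of a login is written DOMAIN\user or user@domain; the login ACME\plar is constructed.

```python
import re
from pathlib import PureWindowsPath

# Matches the attribute lines in the form quoted in the thread.
ATTR = re.compile(r'attribute\s+name="([^"]+)"\s+value="([^"]*)"')

# Constructed sample input, using the values posted in the thread.
BEFORE = r'''
attribute name="virtual-folder" value="root=C:\"
attribute name="home" value="C:\FTP-TEST\"
'''
JAILED = r'''
attribute name="virtual-folder" value="root=C:/FTP-TEST/%username-without-domain%"
attribute name="home" value="C:/FTP-TEST/%username-without-domain%"
'''

def login_without_domain(login):
    # Assumption: the domain part is written DOMAIN\user or user@domain.
    return login.split("\\")[-1].split("@")[0]

def expand(value, login):
    """Substitute the two user-name special strings for one login."""
    return (value.replace("%username-without-domain%", login_without_domain(login))
                 .replace("%username%", login))

def audit(config_text, login):
    """Return (home, folders, findings) as they resolve for one login name."""
    home, folders, findings = None, {}, []
    for name, value in ATTR.findall(config_text):
        value = expand(value, login)
        if name == "home":
            home = PureWindowsPath(value)
        elif name == "virtual-folder":
            alias, _, target = value.partition("=")
            folders[alias] = PureWindowsPath(target)
    for alias, target in folders.items():
        # A target equal to its own anchor (e.g. C:\) is the drive root.
        if target == PureWindowsPath(target.anchor):
            findings.append(f"/{alias} exposes the whole drive {target}")
    # The home directory must sit in, or below, a listed virtual folder.
    if home is not None and not any(
            home == t or t in home.parents for t in folders.values()):
        findings.append(f"home {home} is not inside any virtual folder")
    return home, folders, findings

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("jailed", JAILED)):
        home, folders, findings = audit(text, "ACME\\plar")
        print(label, home, findings or "no findings")
```
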

Asked: Mar 20 '12 at 13:53

Seen: 10,911 times

Last updated: Aug 28 '12 at 19:04

All user contributed content licensed under the cc-by-sa license.