9.3 Customize Directory Access for File Transfers

Use the SFTP Directories pane to customize directory access for file transfer. By default, when a client user starts an SFTP session, the user has access to files and directories located within the configured Login directory (the Windows profile folder by default; the user profile folder is configurable by the Windows system administrator, and the default is \Users\username). You can configure SFTP directories to:

  • Provide users with access to additional local or network resources using their own credentials.

  • Provide users with access to network resources based on the rights associated with an alternate user.

  • Provide users with access to resources on a remote SFTP server.

NOTE:

  • Customized directory settings affect all SFTP and SCP2 connections. (SCP2 is a file transfer implementation that uses the SFTP subsystem. SCP2 is useful for scripted file transfer.)

  • By default, customized directories do not affect SCP1 connections. (SCP1 is an early implementation of the SCP protocol used by OpenSSH. This protocol does not use the SFTP subsystem; it executes an rcp command through the secure channel.) This means that users executing scp transfers from older OpenSSH clients have access to all files and folders allowed to them by the operating system, regardless of the current SFTP Directories settings. To apply customized directory settings to SCP1 transfers, go to the Permissions tab and select Use SFTP accessible directory settings for SCP1.

To customize directory access

  1. Start the server console, and then click Configuration.

  2. Click SFTP Directories.

  3. Click Add.

    The Accessible Directory Settings dialog box opens.

  4. Specify virtual and physical directory values:

    Virtual directory: Enter the directory name that you want your users to see; for example, Downloads.

    Local or UNC directory: Enter the actual directory path; for example, C:\Users\Downloads

    UNC paths must include a server name and share. For example:

    \\server\share\public

    Mapped drives are not supported.

    The following options are available for specifying user directories:

      • %D: The user's User profile folder. The user profile folder is configurable by the Windows system administrator. The default is: \Users\username.

      • %H: The user's Home folder. The home folder is configurable by the Windows system administrator. When no home folder is configured (the default), the home folder is the same as the User profile. The default User profile is: \Users\username.

      • %u: The user's login name.

      • %U: The user's domain name and login in the format domain.username.

    NOTE: Do not use %u or %U to point to a location within a user's Windows profile folder. Neither of these options works correctly for this purpose. Use these options to create your own user-specific locations in some other location, for example on a shared network file server. For details, see Pattern Strings in Directory Paths.

  5. (Optional) Modify the options under Permissions. You can use this feature to limit user file access to one or more of the following: browse, download, upload, delete, and rename.

  6. (Optional) By default Use the client user account to connect to this directory is selected. With this default option, the drive you specify is available to the client user only if he or she has access rights to that network location. To grant access rights based on the rights associated with an alternate user, select Use a specified account to connect to this directory. (This option is available only if Local or UNC directory specifies a UNC path.) The user you select must be joined to the same domain as the server or to a domain that is trusted by the server's domain.

    CAUTION: Be careful when configuring access with any credential other than the client user's own credential. When you configure an alternate credential to provide access to any folder on a server, Windows will allow access to other folders on the same server that are accessible to the alternate credential. For more information about this risk and how to handle it securely, see Best Practices for Using Cached Credentials.

  7. Click OK.

  8. Save your settings (File > Save Settings).
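
The path rules in step 4 and the account rule in step 6 can be checked before entries are typed into the dialog box. The following Python sketch is an added example, not part of the product or its documentation; the function name, the finding labels, the profiles_root default and the local_drives parameter are assumptions made for illustration.

```python
import re

def lint_sftp_directory(physical, use_specified_account=False,
                        profiles_root=r"C:\Users", local_drives=("C",)):
    """Check one proposed 'Local or UNC directory' value against the rules
    stated on this page. Returns a list of finding labels (hypothetical names)."""
    findings = []
    is_unc = physical.startswith("\\\\")
    if is_unc:
        # UNC paths must include a server name and a share.
        parts = [p for p in physical[2:].split("\\") if p]
        if len(parts) < 2:
            findings.append("unc-missing-server-or-share")
    else:
        drive = re.match(r"([A-Za-z]):\\", physical)
        if drive and drive.group(1).upper() not in local_drives:
            # Mapped drives are not supported; a letter outside the known
            # local volumes (assumed list) needs a manual check.
            findings.append("drive-may-be-mapped")
        elif not drive and not physical.startswith(("%D", "%H")):
            findings.append("not-absolute-path")

    # %u and %U must not point inside the Windows profile folder.
    in_profile = (physical.startswith(("%D", "%H")) or
                  physical.lower().startswith(profiles_root.lower() + "\\"))
    if re.search(r"%[uU]", physical) and in_profile:
        findings.append("user-token-in-profile")

    if use_specified_account:
        if not is_unc:
            # The alternate-account option exists only for UNC paths.
            findings.append("alt-account-requires-unc")
        elif len(parts) >= 2:
            # Windows lets the alternate credential reach every folder on
            # this server that the credential can access, not just the share.
            findings.append("alt-credential-reaches-whole-server:" + parts[0])
    return findings

# Constructed sample entries (server and share names are made up).
if __name__ == "__main__":
    for path, alt in [(r"\\fileserver\sftp\%u", False),
                      (r"C:\Users\%u\Downloads", False),
                      (r"\\server\share\public", True),
                      (r"Z:\data", False)]:
        print(path, alt, lint_sftp_directory(path, alt))
```

An entry that returns alt-credential-reaches-whole-server is not a misconfiguration by itself; it marks the entries to review against the CAUTION in step 6.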