9.4 Virtual Root Directories and Chrooted Environments

The virtual root directory is the top-level directory that the user can see and access, containing all of the files and/or directories available to that user.

Using the Default Virtual Root Directory

By default, a user who connects to the Reflection for Secure IT server using sftp or scp has access to a virtual root directory that contains all the accessible directories available for that user profile. With this default configuration, you can limit access to multiple root-level directories.

In the following example, two accessible directories are configured and the user login directory is set equal to one of these directories:

Virtual directory    Physical directory
blue                 c:\colors\blue
gray                 c:\gray

User login directory = /gray

With these settings, the user sees the contents of C:\gray when he or she first logs in, but can also navigate up from the login directory to the virtual root directory. From the virtual root directory, the user can view a list of all accessible directories, as shown in the following example from an sftp command window session:

/gray>pwd
Remote working directory: /gray
/gray>dir
.
..
black.txt
white.txt
/gray>cd ..
/>pwd
Remote working directory: /
/>dir
blue
gray
/>

With this configuration, sftp commands that use absolute paths need to include the virtual directory name. For example:

/>get /gray/black.txt

Configuring a Chrooted Environment

A chrooted environment is equivalent to what you can configure on UNIX systems using the chroot command. In a chrooted environment, users have access to only the chroot directory and its subdirectories. The user login directory is always set equal to the virtual root directory. Users cannot navigate to any other directories.

To configure a chrooted environment, you use a forward slash (/) to specify the virtual directory; for example:

Virtual directory    Physical directory
/                    c:\gray

When the Virtual directory is set to "/", the value of User login directory is set automatically to "/" and no other option is available.

With this configuration, the user logs in directly to the c:\gray directory. Subdirectories of c:\gray are available, but the user cannot navigate to any higher directory, as shown in the following example from an sftp command window session:

/>pwd
Remote working directory: /
/>dir
.
..
black.txt
white.txt
/>cd ..
/>pwd
Remote working directory: /
/>

The following sftp command shows a sample full path to a file in the chrooted directory:

/>get /black.txt
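
The following Python sketch is an added illustration, not Reflection for Secure IT code. It models how the default virtual root and the chrooted configuration above map client paths to physical paths, so you can see why ".." cannot climb past the virtual root. The function names and the rejection of ":" in path segments are assumptions of this sketch; the two mappings are constructed from the tables on this page.

```python
import ntpath

# Constructed from the two tables on this page.
DEFAULT_ROOT = {"blue": r"c:\colors\blue", "gray": r"c:\gray"}
CHROOTED = {"/": r"c:\gray"}

def split_virtual(path, cwd="/"):
    """Return the segments of a client path after resolving '.' and '..'."""
    path = path.replace("\\", "/")          # Windows accepts both separators
    if not path.startswith("/"):
        path = cwd + "/" + path             # relative to the working directory
    parts = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if parts:
                parts.pop()                 # '..' at the virtual root stays at '/'
        elif ":" in seg:                    # assumption: refuse drive/stream syntax
            raise ValueError("drive or stream syntax in segment: " + seg)
        else:
            parts.append(seg)
    return parts

def resolve(mapping, path, cwd="/"):
    """Map a virtual path to a physical one; None means no physical target."""
    parts = split_virtual(path, cwd)
    if "/" in mapping:                      # chrooted: '/' is the physical directory
        base = mapping["/"]
    elif parts and parts[0] in mapping:     # default: first segment names a mapping
        base, parts = mapping[parts[0]], parts[1:]
    else:
        return None                         # virtual root itself, or unmapped name
    physical = ntpath.normpath(ntpath.join(base, *parts))
    # Defence in depth: the result must still sit under the mapped directory.
    if ntpath.commonpath([base, physical]).lower() != base.lower():
        raise ValueError("resolved outside " + base)
    return physical
```

In this model, "/black.txt" resolves only under the chrooted mapping, while the default mapping requires "/gray/black.txt", matching the two get commands shown above.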

Providing Access to All Local Drives

You can set the physical directory equal to "$drive" (not case-sensitive) to provide access to all local drives.

Virtual directory    Physical directory
/                    $Drive

With this configuration, the user sees each available drive in the virtual root directory. Directory names are automatically generated using drive letters (C:, D:, and so on). In the following sample sftp session, two drives are available:

/>pwd
Remote working directory: /
/>dir
C:
D:
/>cd C:
/C:>pwd
Remote working directory: /C:
/C:>