9.6 SFTP Directories Pane

Use the SFTP Directories pane to customize directory access for file transfer. By default, when a client user starts an SFTP session, the user has access to files and directories located within the configured Login directory (the Windows profile folder by default). The user profile folder is configurable by the Windows system administrator; the default is \Users\username. You can configure SFTP directories to:

  • Provide users with access to additional local or network resources using their own credentials.

  • Provide users with access to network resources based on the rights associated with an alternate user.

NOTE: Items on this pane can be configured globally or as part of a subconfiguration.

SFTP accessible directories

Allow all

Use Allow all to select or clear the allow box for all listed directories.

NOTE: This option is not inherited by user or group subconfigurations.

Column headings (Click a heading to sort on that field.)

Allow

Determines whether a listed directory is accessible to users. This option is selected by default when you create a new list item. Clear to leave an item on the list without providing access to the specified directory.

Virtual directory

The directory name that users see and access.

Physical directory

The actual directory path on the Reflection for Secure IT server or in the Windows domain.

Account

The user whose rights determine what access is granted.

[Client user] indicates that the user has access to directories based on the access rights of his or her own Windows account. If any other credential is specified, the user is granted the rights associated with the specified credential.

Inherit directories

This option is visible only if you are creating or editing a subconfiguration. When Inherit directories is checked, the client user inherits directory settings from any applicable configuration higher in the following order of inheritance:

  • global
  • client host
  • group
  • user

For example, if you enable Inherit directories for a user and disable it for a group to which that user belongs, the user inherits directories configured for the group, but does not inherit client host and global directories.

Note: Inherited global directories show up in the directory list as read-only entries. Applicable group directories may also be visible as read-only entries. Inherited client host directories are applied when the user connects, and are not visible in this list.
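The inheritance rule above, modeled as an added example (not code from the product or its documentation). The Level and Entry classes, the sample paths and the EXAMPLE\svc_finance account are constructed for illustration; the treatment of cleared Allow boxes and repeated virtual names is an assumption. It resolves a user's effective directories and lists the ones reached through an alternate credential, which are the entries worth reviewing first.

```python
from dataclasses import dataclass, field

ORDER = ["global", "client host", "group", "user"]  # order of inheritance
CLIENT_USER = "[Client user]"  # entry is accessed with the user's own rights

@dataclass
class Entry:
    physical: str                 # Physical directory
    account: str = CLIENT_USER    # Account column
    allow: bool = True            # Allow check box

@dataclass
class Level:                      # hypothetical model, not a product format
    name: str                     # one of ORDER
    inherit: bool = False         # Inherit directories (not used at global)
    dirs: dict = field(default_factory=dict)  # virtual directory -> Entry

def effective_dirs(applicable):
    """Walk from the user level upward and stop after the first level that
    has Inherit directories cleared. Returns {virtual: (source level, Entry)}."""
    chain = sorted(applicable, key=lambda lv: ORDER.index(lv.name), reverse=True)
    result = {}
    for level in chain:
        for virtual, entry in level.dirs.items():
            # Assumptions: only entries with Allow selected grant access, and
            # the level closest to the user wins if a virtual name repeats.
            if entry.allow and virtual not in result:
                result[virtual] = (level.name, entry)
        if level.name != "global" and not level.inherit:
            break
    return result

def alternate_credential_dirs(effective):
    """Virtual directories reached with an account other than the user's own."""
    return sorted(v for v, (_, e) in effective.items() if e.account != CLIENT_USER)

# Constructed sample: the page's case (user inherits, group does not).
GLOBAL = Level("global", dirs={"/Public": Entry(r"\\fs01\public")})
HOST = Level("client host", dirs={"/Partner": Entry(r"D:\partner")})
GROUP = Level("group", inherit=False, dirs={
    "/Finance": Entry(r"\\fs01\finance", account=r"EXAMPLE\svc_finance"),
    "/Archive": Entry(r"E:\archive", allow=False)})
USER = Level("user", inherit=True, dirs={"/Home": Entry("%D")})

if __name__ == "__main__":
    eff = effective_dirs([GLOBAL, HOST, GROUP, USER])
    for virtual, (source, entry) in sorted(eff.items()):
        print(f"{virtual:10} {source:12} {entry.physical:18} {entry.account}")
    print("alternate credentials:", alternate_credential_dirs(eff))
```
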

User login directory

NOTE: This setting is not used for connections from the Reflection Transfer Client that is included with Reflection for Secure IT Gateway. The default /Home directory is always removed for these users, and the login directory is determined by how many directories a user has access to. If a Transfer Client user has access to only one directory, the user is logged into that directory. If the user has access to two or more directories, the user is logged into the virtual root directory.

User login directory specifies which virtual directory a user sees after connecting to the server using SFTP or SCP2. By default this is set to /Home, which is mapped to the Windows user profile folder (specified by the pattern string %D). The user profile folder is configurable by the Windows system administrator; the default is \Users\username.

The list of available directories consists of the virtual root directory (/) and all currently configured and allowed directories.

  • When User login directory is set to /, the user's login directory is the virtual root directory. When a user logs in, he or she sees all user-accessible directories listed as subdirectories in this root directory.

  • If you have configured a chrooted environment (by adding a directory with Virtual directory set to /), the user login directory is set automatically to / and can't be edited. When a user logs in, he or she sees the contents of whatever physical directory you specify and can't navigate to any other directories.

For additional information about the virtual root directory and chrooted environments, see Virtual Root Directories and Chrooted Environments.

Connect to accessible directories when accessed, instead of at login time

When this setting is enabled, the server does not attempt to access all configured SFTP directories when a user first makes a connection, but waits instead until the user tries to access a directory. This makes the initial connection faster, but means that the user may be denied access to a listed directory that is discovered to be unavailable when the user attempts to access it. Clearing this setting may make the initial logon noticeably slower, but ensures that unavailable directories will not be included in the initial directory listing. This setting is enabled by default.

Allow clients to request the physical path for accessible directories

This setting is enabled by default. It is available for use in conjunction with Reflection for Secure IT Gateway. If you do not use Reflection Gateway, you can disable this setting.

This setting should be enabled if you use Reflection for Secure IT together with Reflection Gateway, and have configured the Reflection for Secure IT server to act as the Transfer Site file server. This setting enables a proprietary SFTP extension that is used by the Reflection Secure Shell Proxy to access the actual physical path of your accessible directories. When this setting is enabled, Reflection Gateway displays the actual physical path on the SFTP server page for this server under Transfer site base directory. This setting is also required if you use the Reflection for Secure IT server for notifications and Post Transfer Actions that need to specify a physical path.

Show owner and group in directory listings on network shares (slower)

This setting determines whether or not owner and group information is included in client directory listings for connections in which the physical directory is specified using a UNC path (for example \\server\path\downloads). It has no effect on listings where the physical directory uses a local path (for example c:\path\downloads). When this option is selected, owner and group information is included, but client connections will take longer to display directory listings, particularly when connecting to servers with large numbers of directories and files. This setting is disabled by default.

NOTE:

  • The customized directory settings you configure from the SFTP Directories pane affect all SFTP and SCP2 connections.

  • By default, customized directories do not affect SCP1 connections. (SCP1 is an early implementation of the SCP protocol used by OpenSSH. This protocol does not use the SFTP subsystem; it executes an rcp command through the secure channel.) This means that users executing scp transfers from older OpenSSH clients have access to all files and folders allowed to them by the operating system, regardless of the current SFTP Directories settings. To apply customized directory settings to SCP1 transfers, go to the Permissions tab and select Use SFTP accessible directory settings for SCP1.

  • The directory settings you configure from the SFTP Directories pane do not affect which directories are accessible from a terminal session. To ensure that users cannot access files using a terminal session, clear Allow terminal shell from the Permissions pane.

  • You can disallow all SFTP and SCP2 access by clearing Allow SFTP/SCP2 from the Permissions pane. The Permissions pane setting overrides all SFTP Directories pane settings.