KB Article #65610
HOWTO: Using User Classes to allow multiple users to upload to a shared folder, all with read-only access and the inability to delete directories or make new ones.
Problem
In some situations a single shared folder on the Secure Transport server is divided by department, location, or other criteria, and a large number of individuals have permission to access files within it. This regularly leads to users deleting directories that are not their own, or making unauthorized changes without permission from the folder's owner.
Resolution
Using User Classes and Access Restrictions, you can restrict a number of accounts that share a single folder, giving them the ability to upload and download files while otherwise allowing only read-only access.
Test case:
The steps below allow two users in the same User Class to upload files simultaneously; however, they will not be able to create or delete a directory. Each user can act only on what they own and cannot delete a peer's folders or files.
1. Create two ST users:
test2: UID 9000, GID 9000
2. Under AdminUI > Access > User Classes, create a new class or classes to segregate users in the system. For my example I've created a User Class called test_dir. I'm correlating the 9000 user group to this user class for permission reasons within the operating system.
Class Name: test_dir
User Type: *
User Name: *
User Group: 9000
From Address: *
Status: Enabled
3. Under AdminUI > Access > Filesystem Restrictions, set the desired operations that you would allow. Create a new operation in their place with the following info and enable it. (Note that the path is the only thing changed.)
Make a Directory, Allowed = No, Class = test_dir, Path = /*, Status = Enabled
Remove a Directory, Allowed = No, Class = test_dir, Path = /*, Status = Enabled
4. Create a shared folder application.
Application name = test_upload, Application type = Shared Folder, Folder = /home/users/upload
5. Subscribe to the application with each user:
AdminUI > Accounts > Test1 > Subscriptions > Subscribe to > Uploader > Subscription Folder: upload
AdminUI > Accounts > Test2 > Subscriptions > Subscribe to > Uploader > Subscription Folder: upload
Here are the results from the Windows command line:
C:\>ftp localhost
Connected to localhost.
220 localhost.localdomain FTP server (SecureTransport x.x.x) ready.
User (localhost:(none)): test1
password required for test1.
Password:
230 virtual user test1 logged in.
ftp> dir
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
total 0
drwxr-xr-x 2 9000 9000 4096 Jul 08 14:54 upload
226 Transfer complete.
ftp: 77 bytes received in 0.00Seconds 77000.00Kbytes/sec.
ftp> cd upload
250 command successful.
ftp> mkd testing
testing: Permission denied.
ftp> mkdir testing
testing: Permission denied.
ftp>
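
The manual session above can be repeated as a scripted check after each change to the User Class or Filesystem Restrictions. This is an added example, not part of the original article or of SecureTransport; it uses Python's standard ftplib, and the probe name `st_probe` and the optional `existing_dir` test directory are assumptions.

```python
import io
from ftplib import error_perm

def denied(command, *args):
    """True if the server answers the command with a permanent (5xx) error."""
    try:
        command(*args)
    except error_perm:
        return True
    return False

def check_restrictions(ftp, folder="upload", probe="st_probe", existing_dir=None):
    """Check an already logged-in ftplib.FTP session against the test case.

    folder       -- subscription folder from step 5
    probe        -- hypothetical name used for the temporary directory and file
    existing_dir -- optional empty directory an administrator created in the
                    folder for this test; it is removed if RMD is not blocked
    """
    ftp.cwd(folder)
    result = {"mkd_denied": denied(ftp.mkd, probe)}
    if not result["mkd_denied"]:
        denied(ftp.rmd, probe)  # best-effort cleanup of the directory we made

    # Uploading must still work for members of the class.
    payload = io.BytesIO(b"restriction check\n")
    result["upload_ok"] = not denied(ftp.storbinary, f"STOR {probe}.txt", payload)

    # RMD is only meaningful against a directory that exists: a missing
    # directory also returns 5xx and would look like a working restriction.
    result["rmd_denied"] = None  # None = not tested
    if existing_dir is not None:
        try:
            present = existing_dir in ftp.nlst()
        except error_perm:      # some servers answer 550 for an empty listing
            present = False
        if present:
            result["rmd_denied"] = denied(ftp.rmd, existing_dir)

    if result["upload_ok"]:
        denied(ftp.delete, f"{probe}.txt")  # remove our own probe file
    return result

def compliant(result):
    """Expected outcome of the article's test case."""
    return (result["mkd_denied"] and result["upload_ok"]
            and result["rmd_denied"] is not False)
```

Pass it an `ftplib.FTP` session logged in as test1 or test2. A denied RMD on `existing_dir` can come from either the Filesystem Restriction or operating-system ownership, so it confirms the outcome, not which control produced it.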