Virtual Root Directories in Reflection for Secure IT

The virtual root directory is the top-level directory that the user can see and access, containing all of the files and/or directories available to that user.

Using the Default Virtual Root Directory

By default, a user who connects to the Reflection for Secure IT server using sftp or scp has access to a virtual root directory that contains all the accessible directories available for that user profile. With this default configuration, you can limit access to multiple root-level directories.

In the following example, two accessible directories are configured and the user login directory is set equal to one of these directories:

Virtual directory    Physical directory
blue                 c:\colors\blue
gray                 c:\gray

User login directory = c:\gray

With these settings, the user can navigate up from the login directory to the virtual root directory, and from there view a list of all accessible directories, as shown in the following example from an sftp command window session:

/gray>pwd
Remote working directory: /gray
/gray>dir
.
..
black.txt
white.txt
/gray>cd ..
/>pwd
Remote working directory: /
/>dir
blue
gray
/>

With this configuration, sftp commands that use absolute paths need to include the accessible directory name (even when only one accessible directory is configured); for example:

/>get /gray/black.txt

Configuring a Chrooted Environment

A chrooted environment is equivalent to what you can configure on UNIX systems using the chroot command. In a chrooted environment, users have access to only the chroot directory and its subdirectories. The user login directory is always set equal to the virtual root directory. Users cannot navigate to any other directories.

To configure a chrooted environment, you use a forward slash (/) to specify the virtual directory; for example:

Virtual directory    Physical directory
/                    c:\gray

User login directory = c:\gray (set automatically)

With this configuration, user access is limited to the c:\gray directory. (You can configure other accessible directories, but you will not be able to enable access to these directories while the chroot directory is enabled.) The user login directory is set automatically to c:\gray; no other option is available.

With these settings, the user sees the contents of c:\gray when he or she first logs in. The user cannot navigate from there to any higher directory, as shown in the following example from an sftp command window session:

/>pwd
Remote working directory: /

/>dir
.
..
black.txt
white.txt
/>cd ..
/>pwd
Remote working directory: /

/>

With this configuration, sftp commands that use absolute paths should not include the accessible directory name; for example:

/>get /black.txt
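
The path mapping described in the two configurations above can be modeled as follows. This is an added example, not Reflection for Secure IT code; the resolve function and the DEFAULT and CHROOT dictionaries are hypothetical names built from the tables on this page, and refusing absolute paths that do not start with an accessible directory is an assumption of the model.

```python
import posixpath
from pathlib import PureWindowsPath

# Constructed settings taken from the two tables on this page.
DEFAULT = {"blue": r"c:\colors\blue", "gray": r"c:\gray"}
CHROOT = {"/": r"c:\gray"}


def resolve(mappings, cwd, path):
    """Return (virtual_path, physical_path) for a client-supplied path.

    mappings maps virtual directory -> physical directory; a "/" key models
    the chrooted configuration. physical_path is None at a virtual root that
    only lists the accessible directories.
    """
    # Normalize in the virtual namespace first, so ".." is resolved before any
    # physical path is built and can never climb above "/".
    joined = posixpath.join("/", cwd, path.replace("\\", "/"))
    virtual = "/" + posixpath.normpath(joined).lstrip("/")
    parts = [p for p in virtual.split("/") if p]

    # A component such as "d:" would make a Windows path join switch drives.
    if any(":" in p for p in parts):
        raise PermissionError(f"illegal component in {path!r}")

    if "/" in mappings:  # chrooted: the virtual root is the physical directory
        return virtual, str(PureWindowsPath(mappings["/"]).joinpath(*parts))
    if not parts:  # default virtual root: a listing of accessible directories
        return "/", None
    if parts[0] not in mappings:
        raise PermissionError(f"{virtual} is not an accessible directory")
    return virtual, str(PureWindowsPath(mappings[parts[0]]).joinpath(*parts[1:]))


if __name__ == "__main__":
    for name, cfg, cwd in (("default", DEFAULT, "/gray"), ("chroot", CHROOT, "/")):
        for p in ("..", "/gray/black.txt", "/black.txt"):
            try:
                print(name, cwd, p, "->", resolve(cfg, cwd, p))
            except PermissionError as exc:
                print(name, cwd, p, "-> denied:", exc)
```

In the chrooted model, /gray/black.txt resolves to c:\gray\gray\black.txt, which is why absolute paths must omit the accessible directory name in that configuration.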

Related Topics

Specify the User Login Directory

Customize Directory Access for File Transfers

SFTP Directories Pane

Accessible Directory Settings Dialog Box