Virtual Root Directory in Reflection for Secure IT
The virtual root directory is the top-level directory that the user can see and access, containing all of the files and/or directories available to that user.
Using the Default Virtual Root Directory
By default, a user who connects to the Reflection for Secure IT server using sftp or scp has access to a virtual root directory that contains all the accessible directories available for that user profile. With this default configuration, you can limit access to multiple root-level directories.
In the following example, two accessible directories are configured and the user login directory is set equal to one of these directories:
User login directory = c:\gray
With these settings, the user can navigate up from the login directory to the virtual root directory, and from there view a list of all accessible directories, as shown in the following example from an sftp command window session:
With this configuration, sftp commands that use absolute paths need to include the accessible directory name (even when only one accessible directory is configured); for example:
Configuring a Chrooted Environment
A chrooted environment is equivalent to what you can configure on UNIX systems using the chroot command. In a chrooted environment, users have access to only the chroot directory and its subdirectories. The user login directory is always set equal to the virtual root directory. Users cannot navigate to any other directories.
To configure a chrooted environment, you use a forward slash (/) to specify the virtual directory; for example:
User login directory = c:\gray (set automatically)
With this configuration, user access is limited to the c:\gray directory. (You can configure other accessible directories, but you will not be able to enable access to these directories while the chroot directory is enabled.) The user login directory is set automatically to c:\gray; no other option is available.
With these settings, the user sees the contents of c:\gray when he or she first logs in. The user cannot navigate from there to any higher directory, as shown in the following example from an sftp command window session:
With this configuration, sftp commands that use absolute paths should not include the accessible directory name; for example:
Providing Access to All Local Drives
You can set the physical directory equal to "$drive" (not case-sensitive) to provide access to all local drives.
With this configuration, the user sees each available drive as a directory in the virtual root directory. Directory names are automatically generated using drive letters (C:, D:, and so on). In the following sample sftp session, two drives are available:
Remote working directory: /
Remote working directory: /C:
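The absolute-path rules from the default and chrooted sections above, modelled as an added example (this is not Reflection for Secure IT code and does not describe its implementation). The virtual directory names gray and shared, the c:\shared path, the resolve function, and the rejection of "\" and ":" inside a path segment are assumptions made for the illustration.

```python
import posixpath
from pathlib import PureWindowsPath

VIRTUAL_ROOT = "<virtual root>"  # lists accessible directories; no physical path

# Constructed sample configurations (virtual name -> physical directory).
DEFAULT = {"gray": r"c:\gray", "shared": r"c:\shared"}
CHROOT = {"/": r"c:\gray"}  # virtual directory "/" models the chrooted setup


def resolve(virtual_path, accessible, cwd="/"):
    """Map an sftp virtual path to a physical path, or raise PermissionError."""
    # Normalise before mapping: normpath collapses "." and ".." and cannot
    # climb above "/", so the virtual root is the ceiling in both modes.
    path = posixpath.normpath(posixpath.join(cwd, virtual_path))
    parts = [p for p in path.split("/") if p]
    # Assumption: refuse Windows separators and drive syntax inside a segment,
    # which would otherwise be reinterpreted when the physical path is built.
    if any("\\" in p or ":" in p for p in parts):
        raise PermissionError(f"illegal character in {virtual_path!r}")
    if "/" in accessible:
        # Chrooted: absolute paths do not carry an accessible directory name.
        base = PureWindowsPath(accessible["/"])
    else:
        if not parts:
            return VIRTUAL_ROOT
        # Default: the first segment must name an accessible directory.
        name = parts.pop(0)
        if name not in accessible:
            raise PermissionError(f"{name!r} is not an accessible directory")
        base = PureWindowsPath(accessible[name])
    return str(base.joinpath(*parts))


if __name__ == "__main__":
    for cfg, p in [(DEFAULT, "/gray/reports/q1.txt"), (DEFAULT, "/gray/.."),
                   (CHROOT, "/reports/q1.txt"), (CHROOT, "../../windows")]:
        print(p, "->", resolve(p, cfg))
```

The same absolute path resolves differently in the two configurations, which is why scripts written against one setup fail or land in the wrong directory when the server is switched to the other.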