Show Contents / Index / Search

SFTP Directories Pane

Getting there

Use the SFTP Directories pane to customize user directory access and to configure virtual directory names.

Note: Items on this pane can be configured globally or as part of a subconfiguration.

SFTP accessible directories

 

Inherit directories

This option is available only if you are creating or editing a subconfiguration. When Inherit directories is checked, the client user inherits directory settings from any applicable configuration higher in the following order of inheritance:

global
client host
group
user

For example, if you enable Inherit directories for a user and disable it for a group to which that user belongs, the user inherits directories configured for the group, but does not inherit client host and global directories.

Note: Inherited global directories show up in the directory list as read-only entries. Applicable group directories may also be visible as read-only entries. Inherited client host directories are applied when the user connects, and are not visible in this list.

 

Allow all

Use Allow all to select or clear the allow box for all listed directories.

Note: This option is not inherited by user or group subconfigurations.

 

Allow

Determines whether a listed directory is accessible to users. This option is selected by default when you create a new list item. Clear to leave an item on the list without providing access to the specified directory.

 

Virtual directory

The directory name that users see and access.

 

Physical directory

The actual directory path on the Reflection for Secure IT server or in the Windows domain.

User login directory

 

Directory list

User login directory specifies which directory a user sees after connecting to the server using SFTP or SCP2. The list of available directories consists of "<virtual root directory>" and all currently configured and allowed directories.

  • The value <virtual root directory> sets the login directory to be a virtual directory that contains all user-accessible directories.
  • If you have configured a chrooted environment (Virtual directory = /), the user login directory is set automatically and can't be edited.

    For additional information on virtual root and chroot directories, see Virtual Root Directories in Reflection for Secure IT.

Notes:

  • The directory settings you configure from the SFTP Directories pane affect SFTP and SCP2 connections, but do not affect SCP1 connections. To ensure that users don't access additional files using SCP1, clear Allow SCP1 on the Permissions pane.
  • The directory settings you configure from the SFTP Directories pane do not affect which directories are accessible from a terminal session. To ensure that users cannot access files using a terminal session, clear Allow terminal shell from the Permissions pane.
  • You can disallow all SFTP and SCP2 access by clearing Allow SFTP/SCP2 from the Permissions pane. The Permissions pane setting overrides all SFTP Directories pane settings.

Related Topics

File Transfer Overview

Pattern Strings in Directory Paths

Virtual Root Directory in Reflection for Secure IT

Permissions Pane