SFTP Directories Pane

Use the SFTP Directories pane to customize directory access for file transfer. By default, when a client user starts an SFTP session, the user has access to files and directories located within the configured Login directory (the Windows profile folder by default). You can configure SFTP directories to:

  • Provide users with access to additional local or network resources using their own credentials.
  • Provide users with access to network resources based on the rights associated with an alternate user.

Note: Items on this pane can be configured globally or as part of a subconfiguration.

SFTP accessible directories

 

Allow all

Use Allow all to select or clear the allow box for all listed directories.

Note: This option is not inherited by user or group subconfigurations.

 

Column headings (Click a heading to sort on that field.)

 

Allow

Determines whether a listed directory is accessible to users. This option is selected by default when you create a new list item. Clear to leave an item on the list without providing access to the specified directory.

 

Virtual directory

The directory name that users see and access.

 

Physical directory

The actual directory path on the Reflection for Secure IT server or in the Windows domain.

 

Account

The user whose rights determine what access is granted.

[Client user] indicates that the user has access to directories based on the access rights of his or her own Windows account. If any other credential is specified, the user is granted the rights associated with the specified credential.

 

Inherit directories

This option is visible only if you are creating or editing a subconfiguration. When Inherit directories is checked, the client user inherits directory settings from any applicable configuration higher in the following order of inheritance:

global
client host
group
user

For example, if you enable Inherit directories for a user and disable it for a group to which that user belongs, the user inherits directories configured for the group, but does not inherit client host and global directories.

Note: Inherited global directories show up in the directory list as read-only entries. Applicable group directories may also be visible as read-only entries. Inherited client host directories are applied when the user connects, and are not visible in this list.
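The inheritance rule above, worked through as an added example (a model written for this page, not code from the product). The `Config` and `DirEntry` types, the sample server paths and account name, and the choice to skip levels that have no configuration are assumptions of the model.

```python
from dataclasses import dataclass, field

# Order of inheritance as listed on this page, most general first.
ORDER = ["global", "client host", "group", "user"]

@dataclass
class DirEntry:
    virtual: str                     # Virtual directory: name the user sees
    physical: str                    # Physical directory: real path
    account: str = "[Client user]"   # whose rights are used for access
    allow: bool = True               # Allow box

@dataclass
class Config:
    directories: list = field(default_factory=list)
    inherit: bool = False            # Inherit directories (subconfigurations only)

def effective_directories(configs):
    """Return (virtual, physical, account, source level) for one connecting user.

    configs maps a level name from ORDER to the Config that applies to the
    user at that level. The walk starts at the most specific level and stops
    at the first subconfiguration whose Inherit directories box is cleared.
    Assumption of this model: a level with no configuration is skipped.
    """
    result = []
    for level in reversed(ORDER):
        cfg = configs.get(level)
        if cfg is None:
            continue
        for d in cfg.directories:
            if d.allow:              # cleared items stay listed but give no access
                result.append((d.virtual, d.physical, d.account, level))
        if level != "global" and not cfg.inherit:
            break                    # nothing higher in the order is inherited
    return result

# Constructed sample matching the page's example: the user inherits,
# the user's group does not.
SAMPLE = {
    "global": Config([DirEntry("/Home", "%D")]),
    "client host": Config([DirEntry("/Partner", r"\\fs01\partner")], inherit=True),
    "group": Config([DirEntry("/Finance", r"\\fs01\finance", account="svc_finance"),
                     DirEntry("/Archive", r"D:\archive", allow=False)]),
    "user": Config([DirEntry("/Scratch", r"D:\scratch")], inherit=True),
}

def virtual_names(configs):
    return [entry[0] for entry in effective_directories(configs)]
```

For `SAMPLE`, `virtual_names` returns `/Scratch` and `/Finance` only. The returned account column shows which entries are reached with an alternate credential rather than the user's own rights, which is the column to review when auditing access.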

 

User login directory

 

User login directory specifies which virtual directory a user sees after connecting to the server using SFTP or SCP2. By default this is set to /Home, which is mapped to the Windows user profile folder (specified by the pattern string %D).

The list of available directories consists of the virtual root directory (/) and all currently configured and allowed directories.

  • When User login directory is set to /, the user's login directory is the virtual root directory. When a user logs in, he or she sees all user-accessible directories listed as subdirectories in this root directory.
  • If you have configured a chrooted environment (by adding a directory with Virtual directory set to /), the user login directory is set automatically to / and can't be edited. When a user logs in, he or she sees the contents of whatever physical directory you specify and can't navigate to any other directories.

    For additional information about the virtual root directory and chrooted environments, see Virtual Root Directories and Chrooted Environments.

     

Connect to accessible directories when accessed, instead of at login time

 

When this setting is enabled, the server does not attempt to access all configured SFTP directories when a user first makes a connection, but waits instead until the user tries to access a directory. This makes the initial connection faster, but means that the user may be denied access to a listed directory that is discovered to be unavailable when the user attempts to access it. Clearing this setting may make the initial logon noticeably slower, but ensures that unavailable directories will not be included in the initial directory listing. This setting is enabled by default.

 

Notes:

  • The customized directory settings you configure from the SFTP Directories pane affect all SFTP and SCP2 connections.
  • By default, customized directories do not affect SCP1 connections. This means that users executing scp transfers from older OpenSSH clients have access to all files and folders allowed to them by the operating system, regardless of the current SFTP Directories settings. To apply customized directory settings to SCP1 transfers, go to the Permissions tab and select Use SFTP accessible directory settings for SCP1.
  • The directory settings you configure from the SFTP Directories pane do not affect which directories are accessible from a terminal session. To ensure that users cannot access files using a terminal session, clear Allow terminal shell from the Permissions pane.
  • You can disallow all SFTP and SCP2 access by clearing Allow SFTP/SCP2 from the Permissions pane. The Permissions pane setting overrides all SFTP Directories pane settings.

Related Topics

Customize Directory Access for File Transfers

Pattern Strings in Directory Paths

Virtual Root Directories and Chrooted Environments

Cached Credentials

Mapped Drives