Submit a ticketCall us

Systems Monitoring for Dummies
Our new eBook will teach you the fundamentals and help you create monitors and alerts that are effective, meaningful, and actionable. Monitoring is more than a checkbox on your to-do list. This free eBook will give you practical advice to help you succeed in all aspects of monitoring – discovery, alerting, remediation, and troubleshooting. Don’t miss out on this indispensable resource for newbies, experienced IT pros, and everyone in between. Register Now.

Home > Success Center > Archive > 2017November30 - WIP Delete > Group information

Group information

Table of contents
No headers
Created by Anthony.Rinaldi_ret, last modified by Jessica Solis on Nov 30, 2017

Views: 24 Votes: 0 Revisions: 3

Virtually every attribute available for a user account can be configured at the group level. Group level settings are inherited by the group members and can be overridden at the user level. The Group Information tab contains general information about the group including the name, home directory, and the default administrative privilege for group members. The following sections contain detailed information about each of the available attributes.

Group name

The group name is a unique identifier that must be unique for each group specified at the particular level (server or domain). Group names may not contain any of the following special characters:

\ / < > . | : ? *

Home directory

The home directory for a user account is where the user is placed immediately after logging in to the file server. Each user must have a home directory assigned to it, although the home directory can be specified at the group level if the user is a member of a group. Home directories must be specified using a full path including the drive letter or the UNC share name. If the home directory is not found, Serv-U can be configured to create it.

When specifying the home directory, you can use the %USER% macro to insert the login ID into the path. This is used mostly to configure a default home directory at the group level or within the new user template to ensure that all new users have a unique home directory. When combined with a directory access rule for %HOME%, a new user can be configured with a unique home directory and the proper access rights to that location with a minimal amount of effort.

You can also use the %DOMAIN_HOME% macro to identify the user's home directory. For example, to place a user's home directory into a common location, use %DOMAIN_HOME%\%USER%.

The home directory can be specified as "\" (root) in order to grant system-level access to users, allowing them the ability to access all system drives. In order for this to work properly, the user must not be locked in their home directory.

Administration privilege

A user account can be granted one of the following types of administrative privileges:

  • No Privilege
  • Group Administrator
  • Domain Administrator
  • System Administrator

The value of this attribute can be inherited through group membership.

A user account with no privilege is a regular user account that can only log in to transfer files to and from the file server. The Serv-U Management Console is not available to these user accounts.

A group administrator can only perform administrative duties relating to their primary group (the group that is listed first in their group memberships list). They can add, edit, and delete users which are members of their primary group, and they can also assign permissions at or below the level of the group administrator. They may not make any other changes.

A domain administrator can only perform administrative duties for the domain to which their account belongs. A domain administrator is also restricted from performing domain-related activities that may affect other domains. The domain-related activities that may not be performed by domain administrators consist of configuring their domain listeners or configuring ODBC database access for the domain.

A system administrator can perform any file server administration activity including creating and deleting domains, user accounts, or even updating the license of the file server. A user account with system administrator privileges that is logged in through HTTP remote administration can essentially administer the server as if they had physical access to the system.

Default web client

If your Serv-U license enables the use of FTP Voyager JV, then users connecting to the file server through HTTP can choose which client they want to use after logging in. Instead of asking users which client they want to use, you can also specify a default client. If this option is changed, it overrides the option specified at the server or domain level. It can also be inherited by a user through group membership. Use the Inherit default value option to reset it to the appropriate default value.

Lock user in home directory

Users who are locked in their home directory cannot access paths above their home directory. In addition, the actual physical location of their home directory is masked because Serv-U always reports it as "/" (root). The value of this attribute can be inherited through group membership.

Apply group directory access rules first

The order in which directory access rules are listed has significance in determining the resources that are available to a user account. By default, directory access rules specified at the group level take precedence over directory access rules specified at the user level. However, there are certain instances where you may want the user level rules to take precedence. Deselect this option to place the directory access rules of the group below the user's.

Always allow login

Enabling this option means that the user account is always permitted to log in, regardless of restrictions placed upon the file server such as maximum number of sessions. It is useful as a fail-safe in order to ensure that critical system administrator accounts can always remotely access the file server. As with any option that allows bypassing access rules, care should be taken in granting this ability. The value of this attribute can be inherited through group membership.

Enabling the Always Allow Login option does not override IP access rules. If both options are defined, the IP access rules prevail.

Description

The description allows for the entry of additional notes that are only visible by administrators.

Availability

This feature limits when users can connect to this server. You can place limitations on the time of day and also on the day of the week. When users attempt to log in outside the specified available times, they are presented with a message that their user account is currently unavailable.

JS - Achived to 2017November30 - WIP Delete 

Last modified

Tags

Classifications

Public