Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

Home > Success Center > Serv-U Managed File Transfer & Serv-U FTP Server > Serv-U File Server Administrator Guide > User accounts on the Serv-U server > User information

User information

Table of contents
No headers
Created by Anthony.Rinaldi, last modified by Anthony.Rinaldi on Jul 20, 2016

Views: 11 Votes: 0 Revisions: 2

A user account consists of several attributes and settings. The User Information page contains general information about the user account including login credentials, the home directory, and the type of account. This topic provides detailed information about each attribute.

Login ID

The login ID is provided by the client as one part of authenticating the session to the file server. In addition to the login ID, clients must provide a password to complete authentication. Login IDs must be unique for each account specified at the particular level. Login IDs cannot contain any of the following special characters:

\ / < > | : . ? *

Two special login IDs exist: Anonymous and FTP. These login IDs are synonymous with one another, and they can be used for guests on your file server. These users do not require a password, which should be left blank in this case. Instead, Serv-U requires users who log on with one of these accounts to provide their email address to complete the login process.

Full name

The full name of the account is available to specify additional identifying information about the account. It is not used by clients when they log in.

Password

The password is the second item that is required so that a session can be authenticated with the file server. The password should be kept a secret and not shared with anyone other than the person that owns the account. A strong password contains at least six characters including a mix of upper and lowercase letters and at least one number. You can place restrictions on the length and complexity of passwords through limits. For more information about password limits, see User limits and settings.

You can also generate a new random password for a user by clicking the Lock icon next to the Password. This new password will follow the defined password length requirements. By default, all passwords are eight characters long and are complex. If the minimum password length is equal to or less than four characters, the password will be four characters long. Otherwise, generated passwords will follow the specified domain value.

Administration privilege

A user account can be granted one of the following types of administrative privileges:

  • No Privilege
  • Group Administrator
  • Domain Administrator
  • System Administrator

The value of this attribute can be inherited through group membership. A user account with No Privilege is a regular user account that can only log in to transfer files to and from the File Server. The Serv-U Management Console is not available to these user accounts.

A Group Administrator can only perform administrative duties relating to their primary group (the group that is listed first in their Groups memberships list). They can add, edit, and delete users which are members of their primary group, and they can also assign permissions at or below the level of the Group Administrator. They may not make any other changes.

A Domain Administrator can only perform administrative duties for the domain to which their account belongs. A Domain Administrator is also restricted from performing domain-related activities that may affect other domains.

The domain-related activities that may not be performed by Domain Administrators consist of:

  • configuring their domain listeners
  • configuring or administering LDAP groups
  • configuring ODBC database access for the domain

A System Administrator can perform any file server administration activity including creating and deleting domains, user accounts, or even updating the license of the file server. A user account with System Administrator privileges that is logged in through HTTP remote administration can administer the server as if they had physical access to the server.

You can also create read-only administrator accounts which can allow administrators to log in and view configuration options at the domain or server level, greatly aiding remote problem diagnosis when working with outside parties. Read-only administrator privileges are identical to their full-access equivalents, except that they cannot change any settings, and cannot create, delete or edit user accounts.

When you configure a user account with administrative privileges, take care in specifying their home directory. An administrator with a home directory other than "\" (root) that is locked in their home directory may not use absolute file paths outside of their home directory when configuring the file server. Instead, relative paths must be used.

Additionally, such a user account can also use setting files located outside the home directory, however, these files must also be specified by using relative paths, for example, ../../exampleFile.txt.

Home directory

The home directory for a user account is where the user is placed immediately after logging in to the file server. Each user must have a home directory assigned to it, although it can be specified at the group level if the user is a member of a group. Home directories must be specified using a full path including the drive letter or the UNC share name. If the home directory is not found, you can configure Serv-U to create it.

When you specify the home directory, you can use the %USER% macro to insert the login ID in to the path. This is used mostly to configure a default home directory at the group level or within the new user template to ensure that all new users have a unique home directory. When it is combined with a directory access rule for %HOME%, a new user can be configured with a unique home directory and the appropriate access rights to that location with a minimal amount of effort.

You can also use the %DOMAIN_HOME% macro to identify the user's home directory. For example, to place a user's home directory into a common location, use %DOMAIN_HOME%\%USER%.

The home directory can be specified as "\" (root) in order to grant system-level access to a user, allowing them the ability to access all system drives. In order for this to work properly, the user must not be locked in their home directory.

SSH public key path

The SSH public key can be used to authenticate a user when logging in to the the Serv-U File Server. The public key path should point to the key file in a secured directory on the server. This path can include the following macros:

%HOME%

The home directory of the user account.

%USER%

The login ID, used if the public key will have the login ID as part of the file name.

%DOMAIN_HOME%

The home directory of the domain, set in Domain Details > Settings, used if the keys are in a central folder relative to the domain home directory.

Examples:

%HOME%\SSHpublic.pub
%HOME%\%USER%.pub
%DOMAIN_HOME%\SSHKeys\%USER%.pub

For information about creating an SSH key pair, see SFTP for users and groups.

Account type

By default, all accounts are permanent and exist on the file server until they are manually deleted or disabled. You can configure an account to be automatically disabled or even deleted on a specified date by configuring the account type. After selecting the appropriate type, the Account Expiration Date control is displayed. Click the calendar or expiration date to select when the account should be disabled or deleted.

The account is accessible until the beginning of the day on which it is set to be disabled. For example, if an account is set to be disabled on 15 July 2015, the user can log in until 14 July 2015, 23:59.

Default Web Client

If your Serv-U license enables the use of FTP Voyager JV, then users connecting to the file server through HTTP can choose which client they want to use after logging in. Instead of asking users which client they want to use, you can also specify a default client. If you change this option, it overrides the option specified at the server or domain level. It can also be inherited by a user through group membership. Use the Inherit default value option to reset it to the appropriate default value.

Email address

Serv-U events can use the Email Address field when sending email notifications to groups, and password recovery using the Web Client requires an email address to send a recovered password to a user. Type an email address here to allow email notifications or password recovery for the user account.

Lock user in home directory

Users locked in their home directory may not access paths above their home directory. In addition, the actual physical location of their home directory is masked because Serv-U always reports it as "/" (root). The value of this attribute can be inherited through group membership.

Enable account

Deselect this option to disable the current account. Disabled accounts remain on the file server but cannot be used to log in. To re-enable the account, select the Enable account option again.

Always allow login

Enabling this option means that the user account is always permitted to log in, regardless of restrictions placed upon the file server, such as maximum number of sessions. It is useful as a fail-safe in order to ensure that critical system administrator accounts can always remotely access the file server. As with any option that allows bypassing access rules, care should be taken in granting this ability. The value of this attribute can be inherited through group membership.

Enabling the Always Allow Login option does not override IP access rules. If both options are defined, the IP access rules prevail.

Description

The description allows for the entry of additional notes that are only visible to administrators.

Availability

This feature limits when users can connect to this server. You can place limitations on the time of day, and also on the day of the week. When users attempt to log in outside the specified available times, they are presented with a message that their user account is currently unavailable.

Welcome message

The welcome message is a message that is traditionally sent to the FTP client during a successful user login. Serv-U extends this ability to HTTP so that users accessing the file server through the Web Client or FTP Voyager JV also receive the welcome message. This feature is not available to users logging in through SFTP over SSH2, because SSH2 does not define a method for sending general text information to users.

The welcome message can contain general information about the status of the server, a special message for the user, disclaimers, or other legal notices. You can configure a welcome message in one of two ways. The first method involves specifying the path to a file containing the welcome message in the Message File Path field. Use Browse to select an existing file on the system.

As an alternative, the text of the welcome message can be explicitly provided to Serv-U in the appropriate text field. In order to override an explicit welcome message at the user level, select the Override inherited group welcome message option first. The provided text is then sent to the user instead of the contents of the file specified in the Message File Path field.

These values can be inherited by the user through group membership.

You can also use system variables in the welcome message. For a comprehensive list of system variables, see System variables.

Last modified
09:47, 20 Jul 2016

Tags

Classifications

Public