Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
jpg
admin_restricted_base.jpg 523.6 kB 1 17-Oct-2023 20:03 Ada Csaba
jpg
admin_restricted_permissions.j... 206.3 kB 1 17-Oct-2023 20:03 Ada Csaba
jpg
admin_restricted_roles.jpg 338.8 kB 1 17-Oct-2023 20:03 Ada Csaba
jpg
admin_restricted_view.jpg 176.4 kB 1 17-Oct-2023 21:45 Ada Csaba
png
limited_admin.png 50.1 kB 3 29-Dec-2020 05:25 Ben Spink
png
limited_group.png 45.5 kB 1 29-Dec-2020 05:25 Ben Spink
png
limited_view.png 55.3 kB 1 29-Dec-2020 05:25 Ben Spink

This page (revision-40) was last changed on 18-Apr-2024 12:58 by Ada Csaba

This page was created on 29-Dec-2020 05:25 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 12 changed 3 lines
Then grant the admin on the __Setup Roles__ panel the __Remote User Only Administration (Limited)__ role permission, the __group name__ to administer, and eventually restrict the admin roles even further on the __Setup Permissions ( limited admin only)__ panel.
Then grant the admin on the __Setup Roles__ panel the __Remote User Only Administration (Limited)__ role permission, the __group name__ to administer, and eventually restrict the admin roles even further on the __Setup Permissions ( limited admin only)__ panel.\\
At line 16 changed 11 lines
The user manager will only contain a list of users who are part of a group that matches their username exactly. So if test2 is a limited admin, there must be a group named "test2". The test2 group should not have test2 as a member, or else test2 can edit himself.
At line 9 removed 6 lines
So if test3 is a limited admin, there must be a group named "sub_admin" in my example. The sub_admin group should not have test3 as a member, or else test3 can edit themselves.
There must also be a user named "sub_admin" which has a [VFS] with the folders you want the admin to be able to work with.
[attachments|limited_group.png]
At line 19 changed one line
2.) If the home folders being specified are not a sub folder of the home directory that the group user can access, the change is rejected.
2.) If the home folders being specified are not a sub folder of the home directory that the admin can access, the change is rejected.
At line 23 changed 8 lines
4.) Other admin escalation permissions are denied too.
These are done to enforce security and prevent privilege escalation. Any attempted violation of these is logged in the server log for audit purposes.
%%tabbedSection
%%tab-Admin
tab [{Image src='admin_restricted_base.jpg' width='1440' height='..' align='left' style='..' class='..' }]
/%
%%tab-SetupRoles
[{Image src='admin_restricted_roles.jpg' width='..' height='640' align='left' style='..' class='..' }]
/%
%%tab-SetupPermissions(LimitedAdminOnly)
[{Image src='admin_restricted_permissions.jpg' width='..' height='640' align='left' style='..' class='..' }]
/%
/%
\\
In CrushFTP __v10__ we now support multiple groups for same admin. Each group has to have designated it's own Group Template account, and the VFS directories assigned to these need also to be granted to the Restricted Admin, or this latter to be pointed to an upper level directory.\\
\\
With the Restricted Admin scenario functional:\\
\\
1.) If the user is not a member of the group, the change is rejected.\\
2.) If the home folders being specified are not a sub folder of the home directory that the group user can access, the change is rejected.\\
3.) If the change involves adding an event to a user that specifies a "plugin" action, the change is rejected.\\
4.) Other admin escalation permissions are denied too.\\
These are done to enforce security and prevent privilege escalation. Any attempted violation of these is logged in the server log for audit purposes.\\
At line 28 changed 3 lines
Finally the view from a limited admin when they login.
[attachments|limited_view.png]
These are done to enforce security and prevent privilege escalation.
Finally the view from a limited admin when they login. Please note the group selector in top-center area.\\
\\
[{Image src='admin_restricted_view.jpg' width='1440' height='..' align='left|center|right' style='..' class='..' }]
\\
These are done to enforce security and prevent privilege escalation.\\
\\
Version Date Modified Size Author Changes ... Change note
40 18-Apr-2024 12:58 3.253 kB Ada Csaba to previous
39 18-Apr-2024 12:57 3.257 kB Ada Csaba to previous | to last
38 18-Apr-2024 12:57 3.245 kB Ada Csaba to previous | to last
37 18-Apr-2024 12:56 3.245 kB Ada Csaba to previous | to last
36 18-Apr-2024 12:55 3.237 kB Ada Csaba to previous | to last
35 18-Apr-2024 12:54 3.235 kB Ada Csaba to previous | to last
34 18-Apr-2024 12:53 3.241 kB Ada Csaba to previous | to last
33 18-Apr-2024 12:51 3.241 kB Ada Csaba to previous | to last
32 18-Apr-2024 12:51 3.245 kB Ada Csaba to previous | to last
31 17-Oct-2023 21:47 3.253 kB Ada Csaba to previous | to last
30 17-Oct-2023 21:47 3.255 kB Ada Csaba to previous | to last
29 17-Oct-2023 21:46 3.255 kB Ada Csaba to previous | to last
28 17-Oct-2023 21:43 3.184 kB Ada Csaba to previous | to last
27 17-Oct-2023 21:42 3.103 kB Ada Csaba to previous | to last
26 17-Oct-2023 21:32 3.395 kB Ada Csaba to previous | to last
25 17-Oct-2023 21:28 3.192 kB Ada Csaba to previous | to last
24 17-Oct-2023 21:27 3.086 kB Ada Csaba to previous | to last
23 17-Oct-2023 21:25 2.952 kB Ada Csaba to previous | to last
22 17-Oct-2023 21:21 2.674 kB Ada Csaba to previous | to last
21 17-Oct-2023 21:19 2.611 kB Ada Csaba to previous | to last
« This page (revision-40) was last changed on 18-Apr-2024 12:58 by Ada Csaba
G’day (anonymous guest)
CrushFTP10 | What's New
JSPWiki