An administrator can either be a full administrator who can access everything in the server prefs, and all users, or you can delegate administration allowing a limited administrator to create and manage users in their group, and assign folders that they themselves have access to.
An administrator can either be a full administrator who can access everything in the server prefs, and all users, or you can delegate administration and control what an admin can do to some degree.
At line 3 removed 2 lines
At line 7 changed one line
The user manager will only contain a list of users who are part of a group that you granted this administrator access to.
The user manager will only contain a list of users who are part of a group that matches their username exactly. So if test2 is a limited admin, there must be a group named "test2". The test2 group should not have test2 as a member, or else test2 can edit himself.
At line 9 removed 6 lines
So if test3 is a limited admin, there must be a group named "sub_admin" in my example. The sub_admin group should not have test3 as a member, or else test3 can edit themselves.
There must also be a user named "sub_admin" which has a VFS with the folders you want the admin to be able to work with.
At line 19 changed one line
2.) If the home folders being specified are not a sub folder of the home directory that the group user can access, the change is rejected.
2.) If the home folders being specified are not a sub folder of the home directory that the admin can access, the change is rejected.
At line 23 changed 8 lines
4.) Other admin escalation permissions are denied too.
These are done to enforce security and prevent privilege escalation. Any attempted violation of these is logged in the server log for audit purposes.
Finally the view from a limited admin when they login.
These are done to enforce security and prevent privilege escalation.
At line 7 changed one line
The user manager will only contain a list of users who are part of a group that you granted this administrator access to.
The user manager will only contain a list of users who are part of a group that matches their username exactly. So if test2 is a limited admin, there must be a group named "test2". The test2 group should not have test2 as a member, or else test2 can edit himself.
At line 9 removed 6 lines
So if test3 is a limited admin, there must be a group named "sub_admin" in my example. The sub_admin group should not have test3 as a member, or else test3 can edit themselves.
There must also be a user named "sub_admin" which has a VFS with the folders you want the admin to be able to work with.
At line 19 changed one line
2.) If the home folders being specified are not a sub folder of the home directory that the group user can access, the change is rejected.
2.) If the home folders being specified are not a sub folder of the home directory that the admin can access, the change is rejected.
At line 23 changed 8 lines
4.) Other admin escalation permissions are denied too.
These are done to enforce security and prevent privilege escalation. Any attempted violation of these is logged in the server log for audit purposes.
Finally the view from a limited admin when they login.
These are done to enforce security and prevent privilege escalation.
Add new attachment
Only authorized users are allowed to upload new attachments.
List of attachments
| Kind | Attachment Name | Size | Version | Date Modified | Author | Change note |
|---|---|---|---|---|---|---|
jpg |
admin_restricted_base.jpg | 523.6 kB | 1 | 17-Oct-2023 20:03 | Ada Csaba | |
jpg |
admin_restricted_permissions.j... | 206.3 kB | 1 | 17-Oct-2023 20:03 | Ada Csaba | |
jpg |
admin_restricted_roles.jpg | 338.8 kB | 1 | 17-Oct-2023 20:03 | Ada Csaba | |
jpg |
admin_restricted_view.jpg | 176.4 kB | 1 | 17-Oct-2023 21:45 | Ada Csaba | |
png |
limited_admin.png | 50.1 kB | 3 | 29-Dec-2020 05:25 | Ben Spink | |
png |
limited_group.png | 45.5 kB | 1 | 29-Dec-2020 05:25 | Ben Spink | |
png |
limited_view.png | 55.3 kB | 1 | 29-Dec-2020 05:25 | Ben Spink |
«
This particular version was published on 17-Oct-2023 20:25 by Ada Csaba.
G’day (anonymous guest)
Log in
CrushFTP10 | What's New
- WebInterface
- Server Admin
- User Manager
- Client Apps
- CrushBalance Load Balancer
- High Availability
- Self Registration
- Preferences
- Email Templates
- Restrictions
- Replication
- Banning
- Logging
- Encryption
- Alerts
- Folder Monitor
- Tunnels
- Syncs
- User Config
- Search Config
- Preview
- Misc
- Plugins
- FAQ
- API
- Linux Install
- Virtual Linux Server
- Server Variables
- Google Authenticator and Microsoft Authenticator
JSPWiki