Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
jpg
admin_restricted_base.jpg 523.6 kB 1 05-Dec-2023 05:32 Ada Csaba
jpg
admin_restricted_permissions.j... 206.3 kB 1 05-Dec-2023 05:32 Ada Csaba
jpg
admin_restricted_roles.jpg 338.8 kB 1 05-Dec-2023 05:32 Ada Csaba
jpg
admin_restricted_view.jpg 176.4 kB 1 05-Dec-2023 05:32 Ada Csaba
png
connection_profile_restricted_... 123.5 kB 1 30-Oct-2024 05:12 krivacsz
png
group_template_user.png 63.0 kB 1 30-Oct-2024 05:09 krivacsz
png
limited_admin.png 50.1 kB 3 05-Dec-2023 05:32 Ben Spink
png
limited_group.png 45.5 kB 1 05-Dec-2023 05:32 Ben Spink
png
limited_view.png 55.3 kB 1 05-Dec-2023 05:32 Ben Spink

This page (revision-36) was last changed on 30-Oct-2024 05:13 by krivacsz

This page was created on 05-Dec-2023 05:32 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 4 changed one line
;Group Template account: inheritance parent or archtype account, that parents inheritance for a group of user accounts
;Group Template account: inheritance parent or archetype account, that parents inheritance for a group of user accounts
At line 10 changed one line
First need to create a user __[Group|Groups]__ with the corresponding __Group Template__ account. This latter is to be assigned some top level __VFS__ directory under which the group member users will have their own working directories later on. The same VFS is to be granted to the Restricted Admin, these two settings together will confine both the admin and the group members under that directory, with no escalation possible.\\
First need to create a user __[Group|Groups]__ with the corresponding __Group Template__ account. This latter is to be assigned some top level __VFS__ directory under which the group member users will have their own working directories later on. The same VFS is to be granted to the Restricted Admin, these two settings together will confine both the admin and the group members under that directory, with no escalation possible. This only works for local files.\\
__11.2.2_10+__ Supports __[Connection Profiles]__ at User Manager too. Using Connection Profiles the Restricted Admin can assign remote locations to the group members.\\
[UserManagerAdminRestricted/group_template_user.png]\\
At line 14 added 2 lines
[UserManagerAdminRestricted/connection_profile_restricted_admin.png]\\
\\
At line 16 changed one line
tab [{Image src='admin_restricted_base.jpg' width='1440' height='..' align='center' style='..' class='..' }]
tab [{Image src='admin_restricted_base.jpg' width='1440' height='..' align='left' style='..' class='..' }]
At line 26 changed one line
In CrushFTP __v10__ we now support multiple groups for same admin. Each group has to have designated it's own Group Template account, and the VFS directories assigned to these need also to be granted to the Restricted Admin, or this latter to be pointed to an upper level directory.\\
In CrushFTP __v10__ we now support multiple groups for the same admin. Each group has to have designated it's own Group Template account, and the VFS directories assigned to these need also to be granted to the Restricted Admin, or this latter to be pointed to an upper-level directory.\\
At line 29 changed one line
2.) If the home folders being specified are not a sub folder of the home directory that the group user can access, the change is rejected.\\
2.) If the home folders being specified are not a subfolder of the home directory that the group user can access, the change is rejected.\\
At line 32 changed one line
These are done to enforce security and prevent privilege escalation. Any attempted violation of these is logged in the server log for audit purposes.\\
These are done to enforce security and prevent privilege escalation. Any attempted violation is logged in the server log for audit purposes.\\
At line 34 changed 3 lines
Finally the view from a limited admin when they login.
[attachments|limited_view.png]
These are done to enforce security and prevent privilege escalation.
Finally, the view from a limited admin when they log in. Please note the group selector in the top-center area.\\
\\
[{Image src='admin_restricted_view.jpg' width='1440' height='..' align='left|center|right' style='..' class='..' }]
\\
These are done to enforce security and prevent privilege escalation.\\
\\
Version Date Modified Size Author Changes ... Change note
36 30-Oct-2024 05:13 3.59 kB krivacsz to previous
35 30-Oct-2024 05:10 3.514 kB krivacsz to previous | to last
34 30-Oct-2024 04:58 3.458 kB krivacsz to previous | to last
33 30-Oct-2024 04:55 3.454 kB krivacsz to previous | to last
32 30-Oct-2024 04:49 3.254 kB krivacsz to previous | to last
31 05-Dec-2023 05:32 3.253 kB Ada Csaba to previous | to last
30 05-Dec-2023 05:32 3.255 kB Ada Csaba to previous | to last
29 05-Dec-2023 05:32 3.255 kB Ada Csaba to previous | to last
28 05-Dec-2023 05:32 3.184 kB Ada Csaba to previous | to last
27 05-Dec-2023 05:32 3.103 kB Ada Csaba to previous | to last
26 05-Dec-2023 05:32 3.395 kB Ada Csaba to previous | to last
25 05-Dec-2023 05:32 3.192 kB Ada Csaba to previous | to last
24 05-Dec-2023 05:32 3.086 kB Ada Csaba to previous | to last
23 05-Dec-2023 05:32 2.952 kB Ada Csaba to previous | to last
22 05-Dec-2023 05:32 2.674 kB Ada Csaba to previous | to last
21 05-Dec-2023 05:32 2.611 kB Ada Csaba to previous | to last
« This page (revision-36) was last changed on 30-Oct-2024 05:13 by krivacsz
G’day (anonymous guest)
CrushFTP11 | What's New
JSPWiki