Requires CrushFTP version 10.5.2+

The concept of a limited server is such that the owner of the hardware or OS can delegate server administration out to a third party, another admin. This delegation allows the server owner to set a locked location for server config files, and the server install versus the location user data files are placed.

In this limited mode, the TempAccounts and Preview folders need to be moved from the default CrushFTP folder location to a location within the user data root. Then correct the path settings on Preferences->Preview page "Previews Path", respectively on Server Admin->Shares page, "General Settings" menu "Location of temp account file system" field. Otherwise image/document preview thumbnails or shared files can not be retrieved. If also the "server.file.strict" flag is set to "true", the CrushFTP service won't even start up for it's in violation of it's own access rules.

Example:
The server install could be: /C:/CrushFTP10/ , in UNIX-style path notation, regardless of operating system family
So prefs, user config, certificates, private keys can all be there.

The user data storage could be: /D:/UserData/ , same UNIX-style path notation
So even if the admin tried to, they could not give a user access to something located in the C: drive. They can only give users access to things in the D:\UserData\ folder area and sub areas. The core functions in CrushFTP prevent accessing items out of their area.

The configuration is done via startup flags that change the behavior of CrushFTP.
file.warn = log an error about the violation, mainly useful for debugging why something got blocked (default=true)
file.log = if a separate audit log should be kept with all the error info (default=false)
file.strict = if its true, the action is blocked. Otherwise its allowed and just the error info is logged (default=false)
security.exec = controls if external processes can be launched from the Preview config, Execute task, etc (default=true)
security.classloader = controls if DB drivers and other classes can be loaded on the fly and not part of the classpath (default=false)
security.stop_start = controls if server process can be restarted or stopped (default=true)

Windows:#

Edit the CrushFTPServer.ini file in the "service" subdirectory of the CrushFTP installation folder and append this to it (note the double backslashes due to config file encoding):

vmarg.2=-Dcrushftp.server.root=C:/CrushFTP10/
vmarg.3=-Dcrushftp.user.root=C:/ftproot/
vmarg.4=-Dcrushftp.server.file.warn=true
vmarg.5=-Dcrushftp.server.file.log=true
vmarg.6=-Dcrushftp.security.exec=false
vmarg.7=-Dcrushftp.security.classloader=false
vmarg.8=-Dcrushftp.security.stop_start=false
vmarg.9=-Dcrushftp.server.file.strict=true

OSX / Linux / Other#

Edit the startup launcher (OSX=CrushFTP.command file in the CrushFTP folder) (Linux=/var/opt/CrushFTP10/crushftp_init.sh)

Find the "-Xmx" which is setting the memory arguments and configure these arguments before it:

-Dcrushftp.server.root=/var/opt/CrushFTP10/ -Dcrushftp.user.root=/home/UserData/ -Dcrushftp.server.file.warn=true -Dcrushftp.server.file.log=false -Dcrushftp.server.file.strict=true -Dcrushftp.security.exec=true -Dcrushftp.security.classloader=false -Dcrushftp.security.stop_start=true -Xmx.........

Path arguments are case sensitive even if the OS/filesystem is not.

Applying the crushftp.server.root and crushftp.user.root JVM runtime parameters at least , will have the equivalent results of UNIX chrooting.

IMPORTANT
#

Before applying the restrictive run time arguments, the TempAccounts and Preview folders need to be moved under the path set for user root. The server SSL keystore file to be moved under the server root. Then the settings updated accordingly.
Especially in case of setting the Dcrushftp.server.file.strict flag to true, for in case of any kind of misconfiguration in this area, the server process will not start.