RFile will execute a small process impersonating the windows user to limit directory access. This is similar to using a SMB connection to a remote server (or localhost) except its on the same machine as the user and a separate process running as the username is executed using "psexec". All file access is then done from this separate process.

This is useful to make files and folders be owned by the right username, and limiting user access based on windows ACLs.

There are three requirements. The CrushFTP folder's WebInterface folder must be readable by either everyone, or domain users, etc. It has the jar file that will be executed. The second requirement is that the java install must be executable as the user will be executing the java process. The third requirement is that you download and place psexec.exe from sysinternals or peace from http://www.poweradmin.com/paexec/ in the CrushFTP folder (its name must be psexec.exe though).

Windows does not allow the "Local System" account, which is the default Service account, the ability to execute a process as a non admin. Sounds strange you can't de-elevate security, but its a windows limitation. So the service running CrushFTP must be some other user, even an administrator, or domain admin, just anything except "Local System".

This feature is an enterprise only feature.

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-2) was last changed on 09-Oct-2016 18:14 by Ben Spink
G’day (anonymous guest)


New: CrushFTPv9#


CrushFTP8 | What's New
JSPWiki v2.8.2