This is version . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

An administrator can either be a full administrator who can access everything in the server prefs, and all users, or you can delegate administration allowing a limited administrator to create and manage users in their group, and assign folders that they themselves have access to.

attachments

There are two different checkboxes. One for "Everything" and one for "Limited". If you enable the "Limited" checkbox, the user who logs in to do remote admin will only get the user manager interface.

The user manager will only contain a list of users who are part of a group that you granted this administrator access to.

So if test3 is a limited admin, there must be a group named "test3". The test3 group should not have test3 as a member, or else test3 can edit himself.

attachments

Security is enforced when the admin goes to save a change to a user. The server verifies any change the remote admin submits.

1.) If the user is not a member of the group, the change is rejected.

2.) If the home folders being specified are not a sub folder of the home directory that the admin can access, the change is rejected.

3.) If the change involves adding an event to a user that specifies a "plugin" action, the change is rejected.

These are done to enforce security and prevent privilege escalation. Any attempted violation of these is logged in the server log for audit purposes.

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
limited_admin.png 50.1 kB 3 09-Oct-2016 18:14 Ben Spink
png
limited_group.png 45.5 kB 1 09-Oct-2016 18:14 Ben Spink
png
limited_view.png 55.3 kB 1 09-Oct-2016 18:14 Ben Spink
« This particular version was published on 09-Oct-2016 18:14 by Ben Spink.
G’day (anonymous guest)

OLD WIKI!!!#

New: CrushFTPv9#

OLD WIKI!!!#


CrushFTP8 | What's New
JSPWiki