Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
limited_admin.png 50.1 kB 3 25-Oct-2018 04:31 Ben Spink
png
limited_group.png 45.5 kB 1 25-Oct-2018 04:31 Ben Spink
png
limited_view.png 55.3 kB 1 25-Oct-2018 04:31 Ben Spink

This page (revision-7) was last changed on 25-Oct-2018 04:31 by Ben Spink

This page was created on 25-Oct-2018 04:31 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 changed one line
An administrator can either be a full administrator who can access everything in the server prefs, and all users, or you can delegate administration and control what an admin can do to some degree.
An administrator can either be a full administrator who can access everything in the server prefs, and all users, or you can delegate administration allowing a limited administrator to create and manage users in their group, and assign folders that they themselves have access to.
At line 3 added 2 lines
[attachments|limited_admin.png]
At line 5 changed one line
The user manager will only contain a list of users who are part of a group that matches their username exactly. So if test2 is a limited admin, there must be a group named "test2". The test2 group should not have test2 as a member, or else test2 can edit himself.
The user manager will only contain a list of users who are part of a group that you granted this administrator access to.
At line 9 added 6 lines
So if test3 is a limited admin, there must be a group named "sub_admin" in my example. The sub_admin group should not have test3 as a member, or else test3 can edit themselves.
There must also be a user named "sub_admin" which has a [VFS] with the folders you want the admin to be able to work with.
[attachments|limited_group.png]
At line 11 changed one line
2.) If the home folders being specified are not a sub folder of the home directory that the admin can access, the change is rejected.
2.) If the home folders being specified are not a sub folder of the home directory that the group user can access, the change is rejected.
At line 15 changed one line
These are done to enforce security and prevent privilege escalation.
4.) Other admin escalation permissions are denied too.
These are done to enforce security and prevent privilege escalation. Any attempted violation of these is logged in the server log for audit purposes.
----
Finally the view from a limited admin when they login.
[attachments|limited_view.png]
Version Date Modified Size Author Changes ... Change note
7 25-Oct-2018 04:31 1.758 kB Ben Spink to previous
6 25-Oct-2018 04:31 1.658 kB Ben Spink to previous | to last
5 25-Oct-2018 04:31 1.446 kB Ben Spink to previous | to last
4 25-Oct-2018 04:31 1.486 kB Ben Spink to previous | to last
3 25-Oct-2018 04:31 1.349 kB Ben Spink to previous | to last
2 25-Oct-2018 04:31 1.349 kB Ben Spink to previous | to last
1 25-Oct-2018 04:31 1.199 kB Ben Spink to last
« This page (revision-7) was last changed on 25-Oct-2018 04:31 by Ben Spink
G’day (anonymous guest)
CrushFTP9 | What's New
JSPWiki v2.8.2