Create a dedicated user group for secure file transfer users. An existing operating-system-related user group is attached to the Tectia SFTP group, and they are allowed access only to their user-specific home folders.
Under the Services page, click Add to create a group for SFTP users.
On the Basic tab, name the group
choose Deny or Deny all for all the listed
services, Terminal, Commands, Local Tunnels, and Remote
Tunnels. For more information on restricting terminal access, see Settings for the Rest of Users.
On the Selectors tab, click Add Selector and choose the selector type User Group, and click OK.
When the User Group Selector view opens, attach the relevant
existing operating-system-related user group (named
staff in this example)
to the group.
Data on the newly created group selectors appears on the Selectors tab.
On the SFTP tab, allow the SFTP service for the
SFTP-users and define the User Home Directory for the
user group. This is the SFTP starting directory. Use the default
%USERPROFILES%, as shown in the following figure.
To define Virtual Folders for the user group, first clear the
Use defaults check box on the SFTP tab. Then
C: from the Virtual Folder list and click the
Edit button. When the SFTP Virtual Folder
dialog opens, define the virtual folder as
C:, and its destination as the
user-specific subdirectory under the
SFTP directory on the
drive (when users change directory to
C:, they are actually directed to
their user-specific SFTP directory). The session starts in the user's home directory. No
other directory can be accessed via SFTP.
By default, file access by the user using the SFTP subsystem is restricted by the file system access controls. You can define more restrictions by defining virtual folders on Windows.
By default, if no virtual folders are explicitly defined in the configuration, the
user can access all drives via SFTP and SCP operations, the user's SFTP session starts
C:\SFTP\%username% directory, and that is the target
directory for SCP operations.
When any virtual folders are defined, the user access is limited to the specified folders only. Note that the user's home directory must be under one of the defined virtual folders.
The virtual SFTP root directory is not an actual directory on disk and no files can be written there.
The value of virtual folder can contain the same special strings as the value of