Cerberus Group Accounts
About Groups
Using groups simplifies the administration of multiple accounts by letting you assign permissions once to a group, instead of multiple times to each individual user. You can add Virtual Directories and basic user settings to a group and have users inherit those permissions. By default, when a user is assigned a group, that user inherits all of the group’s settings. However, those settings can still be overridden for the user account.
When a user is a member of a group, the user’s settings on the Users page will be grayed out, and the actual value displayed for each grayed setting is the value of the group that the user belongs to.
Virtual directories for the user account are a combination of the group’s virtual directories, and any virtual directories you assign specifically to the user account.
Overriding Group settings for a User
You can always override the group settings for a user by clicking on that user in the User Manager and then selecting toggling the group icon to the right of the setting to the user icon. Once you have toggled to the user setting, select your setting different from the group value and click ‘Update User’. You can revert back to the group setting by clicking on the user icon and toggling it back to the group icon.
Adding a new group
A group can be added and modified in Cerberus by opening up the User Manager and selecting the Groups tab. To add a group, select the New button. A new group will appear under the group list box. All group names must be unique and are case insensitive.
Once you have entered the new group name, press "Update Group" to commit the change. The group can then be configured by clicking on the group name in the group list box. A list of configurable properties for that group will appear below the Cerberus Group list.
Those properties are:
Profile
Group Name The unique name for the group.Description A brief summary or way to identify the group.
Members
Group Member List This list displays native Cerberus members of the group as well as any LDAP and AD user and group mappings.Constraints
Anonymous If checked, the password for any user that is part of this group is ignored and the user can be logged in using any password.
Disabled Determines whether the account can log in or not. A disabled account cannot log in to the server.
User Can Change Password Controls, whether a user that, belongs to the group can change their password through the HTTP/S web client or through SSH SFTP or FTP commands.
Max Logins The maximum number of connections this user can make to the server at the same time.
Disable Date If a date is set here then the group will become disabled after the date specified. All users that are members of this group will also become disabled.
Note: The granularity of the timer is 30 minutes. The account will be disabled within 30 minutes of the time set.
Maximum Upload File Size This field can be used to limit the maximum size of an uploaded file. This value defaults to unlimited. The file size is specified in bytes. Specify 0 or any non-positive value to reset the maximum file size to unlimited.
Allowed IP Addresses A comma-separated list of IP addresses that members of this group can log in from. If no IP addresses are specified then no per-group IP address filtering is enforced. IP addresses can be specified as a single IP, a range of IP addresses separated by a dash, e.g. 192.168.0.100 - 192.168.0.150, or a CIDR-formatted IP address range. Multiple formats can be combined, with every single IP or range separated by a comma. Note, global IP address deny lists or allow lists are always enforced first, regardless of this setting.
Authentication
SSH Authentication Method | Determines the authentication requirements for logging into an SFTP interface. Valid options are:
|
Multifactor Authentication (2FA) | Determines if Two Factor authentication is allowed or required. |
---|---|
Allow 2 Factor | This option allows users in the group to set up 2FA if they choose to |
Require 2 Factor for HTTP/S | This makes 2FA a requirement for users in the group when using the HTTP/S web client. |
2 Factor for SSH SFTP/SCP |
Controls the 2FA behavior for users when using the SFTP protocol.
|
Do not allow FTP/S logins (No 2FA) | This option will not allow users in the group to log in via FTP/S when 2FA is enabled. |
Allow FTP |
Both FTP and FTPES connections will be allowed to attempt to login over an FTP listener |
Permitted Login Protocols |
Controls which protocols a member of this group is allowed to log in with. If a protocol is not checked then the user will not be allowed to log in using that protocol.
|
FTP Only Settings | These settings only apply when the user logs in using FTP. |
---|---|
Require Secure Control | (Applies to FTP only) If enabled, members of this group can only log in to the server using a secure TLS/SSL encrypted connection. |
Require Secure Data | (Applies to FTP only) If enabled, members of this group can only initiate file transfers over secure TLS/SSL encrypted connections. |
Comments
0 comments
Please sign in to leave a comment.