Cerberus FTP Server supports bulk user import and export using CSV files. The CSV import and export features can be accessed using the import and export buttons on the right side of the Users page of the User Manager.
The CSV Import and CSV Export capabilities support nearly all the Cerberus FTP Server user fields and capabilities.
Tip: For an example CSV Import file, you can export your current user accounts in CSV format from the User Manager. It is best to export some existing users first and use the exported CSV as a guide.
Adding a Virtual Directory for a User
The directory permissions field for a virtual directory in the CSV file is a simple bit mask. Permissions have the following values:
Permission | Value |
---|---|
File Permissions | |
LIST FILES | 64 |
RENAME FILES | 32768 |
DELETE FILES | 8192 |
Directory Permissions | |
LIST DIRECTORIES | 32 |
RENAME DIRECTORIES | 16384 |
DELETE DIRECTORIES | 4096 |
CREATE DIRECTORIES | 16 |
General Permissions | |
UPLOAD | 2 |
DOWNLOAD | 1 |
DISPLAY HIDDEN FILES | 128 |
SHARE DOWNLOAD | 1024 |
SHARE UPLOAD | 2048 |
ZIP | 256 |
UNZIP | 512 |
Retired Permissions | |
RENAME* | 4* |
DELETE* | 8* |
* Reserved legacy values. The RENAME_BIT and DELETE_BIT are legacy and will get migrated to the new values. If the new bit values for rename and delete are present, the old values are ignored
To assign the permissions to your virtual directories, just add the values up to achieve the desired permissions. e.g., Download, Upload, Rename Files, and Delete Files permissions would be (1 + 2 + 32768 + 8192) = 40963.
Granting all permissions would be 65523.
The Password field
Cerberus will import plaintext passwords, as well as hashed passwords.
By default, Cerberus assumes the password field in the CSV file contains a plain text password. However, if the password begins with a hash type enclosed in pairs of curly brackets then Cerberus assumes the text that follows is a base16-encoded salt and hash of a password. This capability allows you to import user account data when all you have is the hash of the user’s password.
For example, the following password text will be interpreted as a password hash:
{{SHA1}}254A08D8B2E49413F242C0ED6888DD99F3E53A500C01D6B0D5B9EB414394
See our section on password storage formats for supported hash algorithms and general formatting information for the base16 hash.
Group Import Export
Cerberus FTP Server does not currently support CSV import or export of groups. You will need to ensure that any groups referenced by your users during CSV import already exist in Cerberus before attempting the user import.
Dates
The dates in the CSV export are Unix time (a.k.a. POSIX time or Epoch time). It is defined as the number of seconds that have elapsed since 00:00:00 Coordinated Universal Time (UTC), Thursday, 1 January 1970.
You can use a converter like https://www.epochconverter.com/ to convert them to a readable format.
Fields
This is a guide on the fields contained in the CSV file and the format of the information contained in them. 'User' or 'Group' following a semi-colon in some of the fields defines whether the setting is pulled from what is set at the 'User' level, or, if the user is part of a group, from the 'Group' level. Password should be left blank and set in Cerberus unless you are exporting from another instance of Cerberus and the hashed password information is already in that field.
Required |
|
Column Name | Setting information |
Username | Username |
Recommended(These will set the protocols the user can access and one virtual directory, otherwise you may need to edit the user later) |
|
Protocol Allow FTP | 'TRUE' or 'FALSE' |
Protocol Allow FTPS | 'TRUE' or 'FALSE' |
Protocol Allow SSH SFTP | 'TRUE' or 'FALSE' |
Protocol Allow HTTP | 'TRUE' or 'FALSE' |
Protocol Allow HTTPS | 'TRUE' or 'FALSE' |
DirName1 | Virtual Directory Folder Name |
DirPath1 | Virtual Directory Path |
DirPermissions1 | Virtual Directory Permissions |
To add more virtual directories, increment the number by 1, eg 'DirName2'. 'DirPath2', DirPermissions2', etc. | |
Optional(Cerberus default set if left blank) |
|
Password Change Required | 'TRUE' or 'FALSE' |
Allow Password Change | 'TRUE' or 'FALSE'; 'User' or 'Group' |
Password Never Expires | 'TRUE' or 'FALSE' |
Password Expiring Warning Sent | 'TRUE' or 'FALSE' |
First | First Name |
Last | Last Name |
Email Address | |
Telephone | Phone Number |
Mobile | Cellphone/Mobile Number |
Description | Text description of User |
*Primary Group | (If you specify a group, it MUST exist in Cerberus already or the user will not be added) |
Secondary Group | (If you specify a group, it MUST exist in Cerberus already or the user will not be added) |
Is Disabled | 'TRUE' or 'FALSE' |
Is Anonymous | 'TRUE' or 'FALSE' |
Is Simple Directory | 'TRUE' or 'FALSE' |
Is Secure Control | 'TRUE' or 'FALSE' |
Is Secure Data | 'TRUE' or 'FALSE' |
Protocol Precedence | 'User' or 'Group' |
Allowed IP Addresses | Comma delimited list; 'User' or 'Group' |
Max Simultaneous Logins | '-1' (=none) or number; 'User' or 'Group' |
Max Upload Filesize | '0' (=none) or number; 'User' or 'Group' |
Auth Precedence | 'User' or 'Group' |
Auth SSH Method | 'password', 'publicKey', 'passwordAndPublicKey','passwordOrPublicKey' |
Auth PublicKey FilePath | Path to public key |
Auth MFA Allowed | 'TRUE' or 'FALSE' |
Auth MFA Require for HTTP | 'TRUE' or 'FALSE' |
Auth MFA Restrict FTP | 'TRUE' or 'FALSE' |
Auth MFA Restrict SSH | 'TRUE' or 'FALSE' |
Usually Set by Cerberus(leave blank if you wish to have Cerberus set or enter dates/times using the Epoch format outlined above) |
|
Password Last Changed Date | N/A |
Create Date | N/A |
Last Login Date | N/A |
LastLoginIP | N/A |
Disable Date | N/A |
Comments
0 comments
Please sign in to leave a comment.