Cerberus Group Accounts
About Groups
Cerberus FTP Server has supported groups since version 3.0. This simplifies administration by letting you assign permissions once to the group instead of multiple times to each individual user. You can add Virtual Directories and basic user settings to a group and have users inherit those permissions. By default, when a user is assigned a group that group's settings override the default user settings. You will see the user settings grayed out and the actual value displayed for each grayed setting is the value of the group that user belongs to.
The exception is the virtual directory list. The user's virtual directories are a union of the group's virtual directories and any virtual directories you add to the user.
Overriding Group settings for a User
You can always over-ride the group settings by right-clicking on a user in the User Manager and select the "Override Group" to assign a value different from the group value. From that point on that user setting will be "disconnected" from the group setting. You can revert back to the group setting by right-clicking on the user and selecting "Default to Group".
Adding a new group
A group can be added and modified in the Cerberus FTP Server database by opening up the User Manager and selecting the Groups tab. To add a group, select the New button to the right of the "Cerberus Group Accounts" group box. A new group will appear under the group list box. The newly created group will already be selected and in rename mode. All group names must be unique and are case insensitive. Once you have entered the new group name, press "enter" to commit the change. The group can then be configured by clicking on the group name in the group list box. A list of configurable properties for that group will appear in the list box to the right of the group.
Those properties are:
| Is Anonymous | If checked, the password for any user that is part of this group is ignored and the user can be logged in using any password. |
| Is Simple Directory | In simple directory mode the administrator can only assign one directory to represent the virtual directory for a user that is a member of this group. |
| Is Disabled | Determines whether the account can login or not. A disabled account cannot login to the server. |
| Simultaneous Logins | The maximum number of connections this user can make to the server at the same time. |
| Require Secure Control | (Applies to FTP only) If enabled, members of this group can only login to the server using a secure TLS/SSL encrypted connection. |
| Require Secure Data | (Applies to FTP only) If enabled, members of this group can only initiate file transfers over secure TLS/SSL encrypted connections. |
| Disable After Date | If a date is set here then the group will become disabled after the date specified.
All users that are members of this group will also become
disabled. Note: The granularity of the timer is 30 minutes. The account will be disabled within 30 minutes of the time set. |
| Allow Protocols to Login | Controls which protocols a member of this group is allowed to login with. If a protocol is not checked then the user will not be allowed to login using that protocol. |
| SSH Authentication | Determines the SSH authentication requirements for users
that are members of this group. Valid options are:
|
| Maximum Upload File Size | This field can be used to limit the maximum size of an uploaded file. |
| Allowed IP Addresses | A comma-separated list of IP addresses that members of this group can login from. If no IP addresses are specified then no per-group IP address filtering is enforced. Note, global IP address blacklists or whitelists are always enforced first, regardless of this setting. |
