Cerberus Group Accounts

About Groups

Using groups simplifies administration of multiple accounts by letting you assign permissions once to a group, instead of multiple times to each individual user. You can add Virtual Directories and basic user settings to a group and have users inherit those permissions. By default, when a user is assigned a group, that user inherits all of the group’s settings. However, those settings can still be overridden for the user account.

When a user is a member of a group, the user’s settings on the Users page will be grayed out, and the actual value displayed for each grayed setting is the value of the group that the user belongs to.

Virtual directories for the user account are a combination of the group’s virtual directories, and any virtual directories you assign specifically to the user account.


The Cerberus FTP Server User Manager- Groups page

Overriding Group settings for a User

You can always over-ride the group settings for a user’s properties by right-clicking on that user property in the User Manager, and then selecting the “Override Group” option to assign a value different from the group value. You can revert back to the group setting by right-clicking on the user property and selecting “Default to Group”.

Adding a new group

A group can be added and modified in the Cerberus FTP Server database by opening up the User Manager and selecting the Groups tab. To add a group, select the New button to the right of the “Cerberus Group Accounts” group box. A new group will appear under the group list box. The newly created group will already be selected and in rename mode. All group names must be unique and are case insensitive. Once you have entered the new group name, press “enter” to commit the change. The group can then be configured by clicking on the group name in the group list box. A list of configurable properties for that group will appear in the list box to the right of the group.

Those properties are:

Is Anonymous If checked, the password for any user that is part of this group is ignored and the user can be logged in using any password.
Is Simple Directory In simple directory mode the administrator can only assign one directory to represent the virtual directory for a user that is a member of this group.
Is Disabled Determines whether the account can login or not. A disabled account cannot login to the server.
Can Change Password Controls whether user’s that belong to the group can change their password through the HTTP/S web client or through SSH SFTP or FTP commands.
Simultaneous Logins The maximum number of connections this user can make to the server at the same time.
Require Secure Control (Applies to FTP only) If enabled, members of this group can only login to the server using a secure TLS/SSL encrypted connection.
Require Secure Data (Applies to FTP only) If enabled, members of this group can only initiate file transfers over secure TLS/SSL encrypted connections.
Disable After Date If a date is set here then the group will become disabled after the date specified. All users that are members of this group will also become disabled.
Note: The granularity of the timer is 30 minutes. The account will be disabled within 30 minutes of the time set.
Allow Protocols to Login Controls which protocols a member of this group is allowed to login with. If a protocol is not checked then the user will not be allowed to login using that protocol.
SSH Authentication Determines the SSH authentication requirements for users that are members of this group. Valid options are:

  • Password Only: Require only a password for authentication.
  • Public Key Only: Require only a valid public key for authentication
  • Public Key and Password: Require both a valid public key and a valid password for authenticating a user
Maximum Upload File Size This field can be used to limit the maximum size of an uploaded file. This value defaults to unlimited. The file size is specified in bytes. Specify 0 or any non-positive value to reset the maximum file size to unlimited.
Allowed IP Addresses A comma-separated list of IP addresses that members of this group can login from. If no IP addresses are specified then no per-group IP address filtering is enforced. IP addresses can be specified as a single IP, a range of IP addresses separated by a dash, e.g. –, or a CIDR-formatted IP address range. Multiple formats can be combined, with each single IP or range separated by a comma. Note, global IP address blacklists or whitelists are always enforced first, regardless of this setting.