Ocean FTP Server
Help, configuration and tips.
Tutorial: How Groups Work
This page explains what groups are and how they can be used within Ocean FTP Server to help set up flexible account scenarios.
What are Groups?
An advanced feature of Ocean FTP Server comes from the ability to assign an account to a particular group. This capability allows much easier and quicker management of the accounts and also helps ensure the FTP server remains secure. The relationship between an account and it's group is that all associated accounts inherit all settings and limits from the group. However, this concept can often be a little confusing and so to ease understanding this page clarifies a few important details.
The Concept
The best way of understanding the relationship between an account and a group is to understand the purpose of groups. Groups exist for only two reasons...
- To allow sharing of similar settings amongst multiple accounts which will help speed up administration.
- To help protect against human error and keep the FTP server secure.
If an account is part of a group, the account can then only behave within the limitations set by the group. This idea ensures that if a group disallows a particular feature (i.e. file writing), then all associated accounts will also disallow it. This idea also extends to parameter type limits (e.g. maximum upload speed), which ensures that a limit set by a group will also be placed on associated accounts. This means that an account is always limited to the group settings, or if required, can set further limitation but cannot remove / reduce the group limits. If an account defines a reduced limit, then this is capped to the group limit. The list below defines the behavior of each available setting for accounts...
- General Access Rights - Accounts can only enable the rights which are also enabled by the group. For an account to be allowed certain access rights, both the account and group must enable the access right.
- Password Changing - Both the account, group and overall settings must have this enabled for it to be allowed.
- Root Folder - If a group does not define a root folder, the account is allowed to define any folder of its choice. If a group sets a root folder, then all associated accounts will share this same root folder.
- Virtual Folders - An account can define any virtual folder of its choice. Any group defined virtual folder is inherited into all associated accounts. Should the account and group define the same named virtual folder, the group's virtual folder will hide the account's virtual folder.
- Start in Directory - This behaves exactly the same as the 'root folder' setting.
- Limits and Credits - If a group does not define a limit, then the account setting is used. If a group defines a limit, then all the associated accounts can either obey the limit or set a lower limit.
- IP Restrictions - If a group does not define a set of safe IPs or blocked IPs, the account settings are used. If a group defines a set of safe IPs, the account will either obey the group (by not settings any IPs) or be allowed to select which IPs in the group's range are allowed. If a group defines a set of blocked IPs, the account must obey these limits but can also add to the blocked IPs.
"A group's purpose is to define any commonly shared settings and also define the upper limits to which all associated accounts are allowed."
Nested Groups
Another benefit of Ocean FTP Server is that not only can accounts be part of a group, groups can also be part of another group. This functionality allows commonly shared settings amongst groups to be placed into a higher group to further speed and help management. The relationship between two groups is exactly the same as an account and a group (the parent group takes precedence).
|
