View Single Post
  #1  
Old 04-21-2020, 12:43 AM
dverbern dverbern is offline
Registered User
 
Join Date: Mar 2019
Posts: 31
Need understand what controls local folder external 'lands in'

Hello,

I'm using VShell 4x on Windows Server 20xx.
Reasonably experienced with the product, except I'm suddenly unclear on exactly what factors go into controlling what local folder on my server a 3rd party will 'land in' when they connect.

** At this point, I notice the VShell documentation clearly states that Virtual Roots only apply to file transfer, not to shell, etc. My 3rd party is saying the folder they 'land in' on connection is wrong. They are able to interactively query that session, like using LS, is that a Shell session? **

Say I've got the following local simplified folder structure (again, Windows, not Linux/Unix):

C:\sftp\coresystem
C:\sftp\coresystem\3rdparty
C:\sftp\coresystem\3rdparty\incoming
C:\sftp\coresystem\3rdparty\outgoing

Assumptions: There is a local account on my SFTP server, '3rdparty'.

I've already gone into the Properties of the file system and set the NTFS permissions, the Access control list or ACL. The ACL I've set defines that, amongst other things, the local account '3rdparty' has NO PERMISSIONS until the folder path 'C:\sftp\coresystem\3rdparty', at which point I set '3rdparty' as having 'Modify' permissions and I chose for that permissions to inherit onwards to subfolders.

In VShell, under Virtual Roots, I've created a Virtual Root and named it 'coresystem', set its path to 'C:\sftp\coresystem' and I've associated the local account '3rdparty' with that particular root. I'm not using Impersonation. I'm not using user variables, not using a single virtual root. For '3rdparty' actual permissions in Virtual Roots, I've set each box EXCEPT nominating the Virtual Root as the HOME and without checking the DELETE permission.

I understand that Virtual Roots can only be used to further restrict what Windows file permissions are already doing, it cannot 'open up' that which Windows permissions are blocking.

Given all that, what folder should the 3rd party expect to 'land in' upon connection to my environment?
Reply With Quote