Skip to content

Dir Access

The Dir Access tab allows configuration of directory access for the selected user or group.

configure directory access rights in MFT
server

New V Folder

The "V" here stands for "virtual". A virtual folder in TurboFTP Server is similar to the symbolic link to a physical folder in the Unix file system. The New V Folder button is available only when a physical folder is selected. It will be created as a virtual subfolder of the physical folder. Click the button to open the Create virtual folder dialog.

New Folder

The New Folder button is enabled only when a folder is selected. Click the button to open the Create physical folder dialog. Enter the name of the new folder and click OK to create it.

Delete Folder

Select a folder and click the Delete Folder button, and the folder will be deleted if it is empty or virtual. A physical folder that includes only virtual folders can also be deleted directly. However, a physical folder that includes physical subfolders or files cannot be deleted with this button, and you must remove its contents first.

New Rule

Opens the Add Rule dialog.

The dialog shows a list of available users and groups for which you can create a permission rule for the directory. Select a user or group and click OK to add a "blank" rule. You can select multiple users or groups by holding the CTRL key while clicking the items. Optionally, you can select the Grant all permissions box to assign full permissions to the rule. Once the rule is added, you can also edit the permissions. To do so, highlight the target folder in the directory tree, select the rule you want to change, and modify the permissions under File Permissions, Dir Permissions or Common Permissions sections. The string value in the Permissions column will be updated accordingly.

In the following example, the user "timhortons" has all the access rights to the domain root directory except the Write, Delete and Append rights, and the string representing the permissions is "-R-NL-LDRC.HO", with the hyphens indicating the missing permissions.

Suppose we select a subdirectory like archive under the root directory. The user has the same access rights for the subdirectory, but the permission boxes are grayed out. It is because the root directory has the option Subdirectories inherit permissions enabled, the default for all folders. If you don't want a folder to inherit its parent's permission settings, you must clear the Subdirectories inherit permissions option for the immediate parent folder. If you do so, no one can access any subdirectories unless there is a rule defining their access rights to a specific subdirectory.

Add MFT directory access rule

Remove Rule

To remove a rule, select it in the rule list and click the Remove Rule button.

Rules of Permissions

Rules of permissions are grayed unless one user or group in the rule pane is selected. The rules checked will be tested one after another until the last rule.

File Permissions

Check each item of the file permissions area that you want the user or group to be able to use to edit files.

Dir Permissions

Check each item of the Dir permissions area that you want the user or group to be able to use to edit directories.

Common Permissions

Check the boxes in the Common permissions area to choose Show Hidden or Show ReadOnly.

Note: This "Show Hidden" option works only when the user Advanced setting tab, the option "Show hidden files" is grayed out. To learn more, please click here.

Subdirectories inherit permissions

When the box is checked, subdirectories of the current directory inherit their parent directory.

Select All

Enable of all the permissions.

Clear All

Clear all the permissions.

New V Folder

FTP server create new virtual folder

Virtual folder name

The Virtual folder name is required and cannot be the same as other subfolders belonging to the same parent folder.

Associated physical folder

An Associated physical folder to the new virtual folder is required; enter a valid folder path or click the browse button to select one.

Dir Access Permissions Inheritance

By default, permission rules on a directory are inherited by its subdirectories unless the 'Subdirectories inherit permissions' checkbox is cleared.

Dir Access Permission Precedence

The permissions (ACEs) explicitly set in a folder's ACL take precedence regarding access rights to the immediate contents of the folder. For example, user 'alice' belongs to the group 'students'. Suppose the parent folder /class has an ACE for group 'students' and is propagated to its sub-folders, but folder /class/student has an ACE for user 'alice'. In that case, the latter will override the former in determining Alice's access rights to the folder /class/student contents.

For a folder, if one of its ACEs and one of the inherited ACEs are for the same user or group, the one of its own takes priority.

Principle of Least Privilege

To minimize the potential risk of security in directory access, only grant permissions to users/groups they need.

Note: To store the changes of Dir Access, you must hit Apply each time you change a folder's permissions before switching to another folder in the VFS tree.