FileZilla Server Group panel allows the creation of Groups of users, to define properties shared by all users belonging to the same group.
You can set the following properties:
- Mount points
- Filters
- Limits
Editing groups
To edit a group, select it from the list you find on the left of the Groups panel. On the right side of the Groups panel you find three tabs:
- The General tab allows you to edit the mount points and set an optional description for that group.
- The Filters tab allows you to edit the filters for that group.
- The Limits tab allows to edit the group’s speed, filesystem, and concurrent sessions limits.
To create a new group, click on the Add button you find at the bottom.
To rename a group, select it and click on the Rename button.
To duplicate a group, select it and click on the Duplicate button.
To remove a group, select it and click on the Remove button. Be aware that, in case there is at least one user in that group, you’ll be asked to choose if you want to delete just the group, delete also all the users in it, or move the users to another group.
Editing mount points
To share files and directories with FTP users, FileZilla Server uses the concept of mount points.
A mount point includes a virtual path and a native path. The native path is a local file path, the virtual path is the path that the FTP users will see and it is mapped to the native path by FileZilla Server.
To add a mount point click on the Add button and enter a virtual path (eg. \) and a native path (eg, C:\ftproot\sample
).
Virtual path format
The format of the virtual path is the same one used by UNIX-like operating systems: files and directories are separated by the slash ‘/’ character and all files and directories belong to a unique root, whose name is exactly ‘/’. Virtual paths are normalized by resolving all . and .. directories and removing any trailing ‘/’ character.
Native path format
The format of the native path is the same used by the operating system. On Windows UNC paths are supported too, and both the slash ‘/’ and backslash ‘\’ characters are valid separators. Native paths are normalized just like virtual paths. In addition, on Windows the slash ‘/’ is normalized to become a backslash ‘\’, path segments are not allowed to terminate with dots and they cannot contain the colon ‘:’ character, except for the device name.
Note: While setting up native paths, make sure they exist or ask the server to create them for you by selecting the checkbox Create native directory if it doesn’t exist.
Placeholders
Placeholders can be used to define native paths, and are replaced with their values when the native path is resolved. There are two placeholders available:
- %<home> – gets replaced with the absolute path of the home directory of the logged-in user. As it is substituted with an absolute path, it should be the sole element of the native path when
utilized. - %<user> – gets substituted with the name of the currently logged-in user.
Further limitations (Windows only)
Virtual paths cannot contain the backslash ‘\’ character and they cannot contain the colon ‘:’ as well.
Both the virtual and native paths must be in their absolute form, meaning they must begin with the root directory. Native path on Windows must either be in the UNC path form or begin with a drive device letter followed by a colon followed by a backslash (or a slash).
Permissions
Sharing a directory through a mount point also shares all the files and directories contained therein, unless otherwise specified by the permissions associated with the mount point itself.
Permissions can be set as Read only, Read + Write or Disabled.
If you choose Read, neither files nor the directory structure will be modifiable.
If you choose Read + Write any kind of modification will be allowed, unless the flag Writable directory structure is deselected, in which case it won’t be possible to create, delete or rename subdirectories.
Choosing Disabled allows you to block access to a directory, even if its parent directory is accessible
through a mount point. In the example below, the /home/user/Documents/disabled directory is made
inaccessible, while /home/user/Documents/ remains accessible:
First mount point:
-
Virtual path: /Documents
Native path: /home/user/Documents/ [enabled]
Second mount point:
-
Virtual path: /Documents//disabled [disabled]
Native path: empty.
The native path of a disabled mount point can be non-empty but is disregarded. This feature is handy
for temporarily disabling an existing mount point.
It’s important to note that if any enabled mount points exist with a virtual path whose parent corresponds to the virtual path of a disabled mount point, they will remain accessible as usual.
Note: Once you choose Disabled, you can’t change the native path.
By default, permissions are applied to all subdirectories. If you want to avoid that, deselect the
checkbox Apply permissions to subdirectories. By doing that all subdirectories of a mount point will implicitly have permissions set to Disabled.
Note that permissions are further restricted by the ones set on the underlying native file system. For
example, if a file is set as read-only at file system level and at the same time it’s visible through a mount point whose permissions are read+write, the file will not be writable.
Editing Filters
You can implement IP-based filtering at group level. To learn how to configure filters consult the Filters section.
Editing limits
Speed limits: The speed limits sections allow you to configure upload and download speed limits, which can be customized for each session associated with the group or shared among all sessions linked to the group.
For example, if a per-session limit is set to 10 KiB/s and there are 5 active sessions related to the group, each session will be able to reach 10 KiB/s, resulting in a cumulative speed of 50 KiB/s for all sessions.
On the other hand, if you set a shared-session limit to 10 KiB/s and have 5 active sessions related to
the group, the combined speed for all sessions will be limited to 10 KiB/s.
Filesystem Limit: The Filesystem Limit allows you to define the maximum number of files and/or directories that can be opened simultaneously. This setting provides fine-grained control over the user’s file management activities within each session associated with the group or across all sessions related to the group.
Concurrent Sessions Limit: The Concurrent Sessions Limit feature enables you to establish the maximum number of sessions that a user can have open simultaneously. This parameter governs the parallel operation of sessions, ensuring efficient resource utilization and helping to manage the user’s engagement across multiple sessions. Whether specific to each session related to the group or shared
among all sessions, this limit provides flexibility in controlling the user’s concurrent interactions with the system.
The video tutorial below shows how to configure FileZilla Server’s user types and how to use placeholders to define native paths.