PRODUCTS > VSHELL > FINE-TUNED CONTROL
 Send us a question or comment

Fine-Tuned Control with VShell® Server

VShell Server provides a number of features that let you fine-tune access and file system privileges, deploy advanced authentication options, and securely automate response to server events like file transfers and failed authentication attempts.

SFTP virtual directories

Using VShell's SFTP virtual directories feature, administrators can define multiple directory access points for different groups or individual users. The ability to define a specific set of folders for a group of users based on membership in an Access Control List (ACL) furthers VShell's integration with Windows and UNIX server operating systems.

From a practical perspective, discrete groups of users ranging from internal employees to contractors to external business partners can each be assigned different directory access points. This is illustrated in the examples below.

Read more about SFTP virtual directories in VShell for UNIX in the Solutions Guide. More information about this feature in VShell for WIndows is available in the built-in documentation, which is available online.

Triggers help automate routine administrative tasks

Busy system administrators have bigger issues to attend to than moving files from one folder to another or manually scanning uploaded files for virus infections. Always on the run, they could also use some way of being notified that someone has exceeded the permitted number of logon attempts — often an early sign of an intrusion attempt. VShell server helps administrators deal with these issues with triggers.

Triggers allow an administrator to initiate file operations like anti-virus scans or moving files from an upload folder to a destination folder. The VShell server provides an extensive set of trigger conditions that allow administrators to script a variety of common tasks.

Download triggers can be used to initiate an automated action after a file has been downloaded. As an example, a file can be automatically moved or deleted once it has been downloaded, or an e-mail can be sent to notify the administrator that the file has been retrieved.

The failed authentication trigger initiates a command after a user exceeds the permitted number of logon attempts and can be used to send an e-mail or page notification to the administrator. This trigger provides the ability to embed IP address, time, and user information into the message.

For more information on the entire set of available triggers, please see the Triggers page.

Restrict users' access to just their home directories

VShell for UNIX includes the ChrootUsers and ChrootGroups commands to restrict the members of the listed groups to their home directories when attempting shell access, remote command execution, or subsystem execution. Providing shell access or SFTP file transfer isn't an "all-or-none" proposition with VShell for UNIX. The new jail shell feature allows you to restrict individual users or groups to have shell access or file transfer privileges in only their home directories. This restriction is implemented using the ChrootUsers or ChrootGroups statement in the configuration file. Read more about chroot commands in the VShell for UNIX Solutions Guide.

Control what Secure Shell services are available to users and groups

VShell uses Access Control Lists (ACLs) to define which Secure Shell services (shell access, SFTP file transfer, SCP and port forwarding) are granted to individual users or groups. As an example, a remote salesperson (or sales group) might only be granted SFTP access to their home directory to allow sales reports to be uploaded and collateral materials downloaded. A system administration group could be granted full shell and SFTP access to the server(s) they maintain. Where administrators do not want to grant shell privileges but file transfer is needed, SCP rights only can be granted, and then only to a defined segment of the file system. A fourth group of non-technical users (marketing, HR, etc.) could be granted port forwarding privileges for their e-mail and corporate calendar applications to allow working from home or another remote location. Read more about ACLs in the VShell for UNIX Solutions Guide and the VShell for Windows built-in documentation which is available online.