Documentation forServ-U MFT & Serv-U FTP Server

Group Properties: Group Information

Group Name A unique name for this group.
Administration Privilege

Select the level of privilege to be applied to users in this group.

No Privilege. A regular user account that can only transfer files to and from the File Server. The Serv-U Management Console is not available.

Group Administrator. A Group Administrator can only perform administrative duties relating to their primary group - the group listed first in their Groups memberships list. They can add, edit, and delete users which are members of their primary group. They can also assign permissions at or below the level of the Group Administrator. They may not make any other changes.

Domain Administrator. A Domain Administrator can only perform administrative duties for the domain to which their account belong, and is also restricted from performing domain-related activities that may affect other domains. The domain-related activities that may not be performed by Domain Administrators are:

  • configuring their domain listeners
  • configuring or administering LDAP groups
  • configuring ODBC database access for the domain

System Administrator. A System Administrator can perform any file server administration activity including creating and deleting domains, user accounts, and even updating the license of the file server. A user account with System Administrator privileges logged in through HTTP remote administration can administer the server as if they had physical access to the server.

Read-only Group/Domain/Server Administrator. Read-only administrator accounts can allow administrators to log in and view configuration options at the group, domain or server level, greatly aiding remote problem diagnosis when working with outside parties. Read-only administrator privileges are identical to their full-access equivalents, except that they cannot change any settings, and cannot create, delete or edit user accounts.

Default Web Client

If your Serv-U license enables the use of FTP Voyager JV, then users in this group connecting to the file server through HTTP can choose which client they want to use after logging in. Instead of asking users in this group which client they want to use, you can also specify a default client. If you change this option, it overrides the option specified at the server or domain level.

Always Allow Login

Enabling this option means that user accounts in this group are always permitted to log in, regardless of restrictions placed upon the file server, such as maximum number of sessions. It is useful as a fail-safe in order to ensure that critical system administrator accounts can always remotely access the file server. As with any option that allows bypassing access rules, care should be taken in granting this ability. The value of this attribute can be inherited through group membership.

Enabling the Always Allow Login option currently overrides User and Group IP access rules.

Enable Account Deselect this option to disable the user accounts in this group. Disabled accounts remain on the file server but cannot be used to log in. To re-enable accounts in this group, select the Enable account option again.
Description Enter an optional description for this group. This description is only visible to administrators.
Home Directory

Enter or navigate to the home directory for users in this group. This is where the user is placed immediately after logging in to the file server. This must be specified using a full path including the drive letter or the UNC share name.

When you specify the home directory, you can use the %USER% macro to insert the login ID in to the path. This is used mostly to configure a default home directory at the group level or within the new user template to ensure that all new users have a unique home directory. When it is combined with a directory access rule for %HOME%, a new user can be configured with a unique home directory and the appropriate access rights to that location with a minimal amount of effort.

You can also use the %DOMAIN_HOME% macro to identify the users in this group's home directory. For example, to place a user's home directory into a common location, use %DOMAIN_HOME%\%USER%.

The home directory can be specified as "\" (root) in order to grant system-level access to user in this group, allowing them to access all system drives. In order for this to work properly, users in this group must not be locked in their home directory.

SSH Keys

If you have MFT edition of Serv-U, you can specify a SSH public key to be used to aunticate a user in this group when logging in to the the Serv-U File Server.

For information on SSH public key authentication, adding a SSH key pair, and creating an key pair for testing, see New SSH Key Pair Creation.

Lock user in home directory Users locked in their home directory may not access paths above their home directory. In addition, the actual physical location of their home directory is masked because Serv-U always reports it as "/" (root).
Apply group directory access rules first The order in which directory access rules are listed has significance in determining the resources that are available to a user account in this group. By default, directory access rules specified at the group level take precedence over directory access rules specified at the user level. However, there are certain instances where you may want the user level rules to take precedence. Deselect this option to place the directory access rules of the group below the user's.
Availability Click to open the Availability Settings window where you can configure the time of day and/or days of the week when users in this group can log in.
Welcome Message

Click Welcome Message if you want to sent a welcome message to users in this group when they log in. The welcome message is a message traditionally sent to the FTP client during a successful user login. Serv-U extends this ability to HTTP so that users in this group accessing the file server through the Web Client or FTP Voyager JV also receive the welcome message. This feature is not available to users logging in through SFTP over SSH2, because SSH2 does not define a method for sending general text information to users.

Check Include if you want to include the response code in the welcome message test when an FTP connection is made.

Either select or navigate to a message file if you have already created a text file containing a welcome message or check the Override box, and enter a message specific to the user in this group in the text box above it.