Skip to main content
Documentation

FTP/SFTP Folder Settings

Each user account has two settings that control how folders are presented through FTP and SFTP: FTP/SFTP Client Root Folder and FTP/SFTP Client Default Home Folder.

These settings do not grant access on their own. Users must also have permissions to the folders they need to read or change.

Client Root Folder

The FTP/SFTP Client Root Folder presents a folder as the user's / during FTP and SFTP sessions, restricting them to that folder and its subfolders. This is sometimes called a "jail" folder. For example, setting this to /Clients/ACME causes that folder and its subfolders to appear as the root of the server.

Some legacy FTP or SFTP clients and custom scripts expect to interact with a root folder on the server, and it is almost never desirable to grant access to your site's actual root. Setting an FTP/SFTP Client Root Folder gives the user a / folder that is an isolated subfolder rather than your site's root.

The FTP/SFTP Client Root Folder always applies on FTP connections. For SFTP connections, the site-wide SFTP Client Root Folders setting must also be enabled.

When the user's File System Layout is set to User Root, the same path is presented in the user's account as their User Root and jails the user across every protocol, not just FTP and SFTP.

Client Default Home Folder

The FTP/SFTP Client Default Home Folder is where the user lands when they connect via FTP or SFTP. This is useful when a user has access to more than one folder and needs to change directories during the session.

If the FTP/SFTP Client Root Folder is set for the user, the Client Default Home Folder must sit inside it.

Unlike the FTP/SFTP Client Root Folder, the Client Default Home Folder does not define a virtual root directory. Users can navigate to parent directories of the home folder, unless the home folder is also their FTP/SFTP Client Root Folder.

Default Behavior

By default, both the FTP/SFTP Client Root Folder and the FTP/SFTP Client Default Home Folder are set to the root folder of your site. This does not grant any access to items in the root folder. All access is granted through user or group permissions to specific paths.

A user with the default settings lands in the root folder when they connect via FTP or SFTP. Only the subfolders covered by one of their path permissions are visible there. The user cannot change parent folders they have not been granted permission to, and can only navigate into the subfolders their permissions cover.