How to use Directory Limits

Limit access to various directories within your storage group.

Before you begin

Once you have selected an Upload Directory ("CP code root") in an upload account, you can define a Directory Limit, a Default Directory and apply Subdirectory Restrictions.
Note: You should have a solid understanding of their use before implementing them. This is especially important if you intend to combine them.
Important: Aspera Upload Acceleration is not supported for use in upload accounts that incorporate a Directory Limit, Default Directory or Subdirectory Restriction. If you intend to use Aspera Upload Acceleration, you cannot configure any of the settings discussed here.

Directory Limit

A Directory Limit is used to establish a “change root” (chroot) for the upload account. This is used if you wish to establish a directory other than the storage group’s actual "CP code root" as the root for the upload account. Access for the upload account will be limited to this directory (and any existing subdirectories). No other directories in the tree above this one will be accessible to the upload account, and protocol-based operations used to return to the root will return to this directory.

  1. Select the appropriate CP code root from the Directory Limit drop-down.
  2. Use the associated field to input the complete path to the desired subdirectory.
  3. Click the Save button.
Note: Directory limits don't apply to the NetStorage HTTP API access method. Instead, use Subdirectory Restrictions.

Default Directory

A Default Directory is the default access point for the upload account. Whenever the upload account connects with the storage group, the directory named here will be the default point of access. For example, after logging in with a supported protocol, this will be revealed as the current working directory.

  1. Select the appropriate directory from the Default Directory drop-down. If you’ve specified a Directory Limit or Subdirectory Restriction, that path will be automatically displayed here, because a Default Directory must exist within these paths.
  2. Use the associated field to input the complete path to the desired subdirectory.
  3. Click the Save button.

Subdirectory Restrictions

Subdirectory Restrictions allow you to limit the upload account’s ability to manage content to one or more specific directories. With each restriction set, the account will only be able to upload, download, move, or delete content within the specified subdirectory. All other subdirectories off of the root (the CP code Root or the Directory Limit) will block the account from performing these and other content management operations.

Adding a Subdirectory Restriction for an Upload Directory
  1. In the Upload Directory table, click the Add icon () in the Actions column.
  2. In the Subdirectory Restriction field that is revealed, input the complete path to the desired subdirectory. If you have defined a Directory Limit, each Subdirectory Limit must exist within that path.
  3. Click the large plus icon to add the restriction.
  4. If desired, repeat Steps 2-3 to add more subdirectories.

If you combine these options

  • If you set up a Directory Limit, a Default Directory setting must exist within that directory. If you have set up your Directory Limit as “/<CP code root>/files”, a Default Directory must be this Directory Limit path, or a subdirectory of it. (For example, “/<CP code root>/files” or “/<CP code root>/files/new/” could be the Default Directory).
  • If you set up a Directory Limit and do not set up a Default Directory, the Directory Limit path will automatically serve as the Default Directory.
  • A Subdirectory Restriction Must Exist within a Directory Limit. If you have set up a Directory Limit for the upload account, a Subdirectory Restriction can only be applied to a child of the Directory Limit. The Directory Limit serves as the root for the account, so you can not use a directory that exists above it in the tree. (Anything above a Directory Limit is inaccessible to the upload account.)
  • A Default Directory Must Exist within a Subdirectory Restriction. If you set up one or more Subdirectory Restrictions, the Default Directory must be set up within one of them. It can exist as a child directory of a restriction, or be a specific Subdirectory Restriction. Therefore, a Default Directory exists within a Subdirectory Restriction which in turn exists in the Directory Limit.
  • A Subdirectory Restriction does not Limit Access, it Limits Management of Content. Once you have set up a Subdirectory Restriction, the associated upload account can still be used to navigate to, and view content in any subdirectory off of its established root (either what you have set as the Directory Limit, or the actual CP code root, if one was not set). A Subdirectory Restriction limits the upload account’s ability to manage content (upload, download, move, or delete) to the subdirectory specified.
  • Recommended Order of Operation: If combining these options, it is recommended that you implement them in the following order:
    1. Set Up a Directory Limit. To define the desired root for the upload account.
    2. Set Up Subdirectory Restrictions (if desired). This is done to limit management of content to specific directories within the defined Directory Limit.
    3. Set Up a Default Directory (if desired). A Default Directory must exist within a specified Directory Limit, and if you have set up Subdirectory Restrictions, a Default Directory must also be within one of these restrictions.

Implementation examples

These are some examples of the various combinations in a storage group. In them, “123” is the CP code used for the root.

Configured Settings Resulting Behavior
Subdirectory Restrictions 1 Default Directory 1 Directory Limit Default Login Directory Writeable Directory Trees 2 Readable Directory Trees 2
None None None /123 /123 /123
None None /123/a /123/a /123/a /123/a/
None /123/a/y None /123/a/y /123 /123
None /123/a/y /123/a /123/a/y /123/a /123/a
/123/a/x,/123/a/y None None /123 /123/a/x,/123/a/y /123
/123/a/x,/123/a/y None /123/a /123/a /123/a/x,/123/a/y /123/a
/123/a/x,/123/a/y /123/a/y None /123/a/y /123/a/x,/123/a/y /123
/123/a/x,/123/a/y /123/a/y /123/a /123/a/y /123/a/x,/123/a/y /123/a
1 Paths in Subdirectory Restrictions and a Default Directory are relative to the Directory Limit you have set, if you have set one. (If you have not set one, they are relative to the CP code root). This also applies to paths used by the “upload” action via the NetStorage Usage API.
2 All subdirectories off of the displayed path are also accessible.