Starting with version 12.11now has the ability for a user to delete the contents of a public share when the share itself has expired. There is an additional feature for both the Web Administration and the Web Client to be able to delete the contents of a public share when the share is revoked.
About the New Feature
Users have requested a way to remove files when they have been shared as a way to not need to manually delete shared files. A user could copy files for a client to download, and once the share expires, have the duplicate files deleted without needing to worry about remembering to remove the copy. As this feature leverages existing virtual directory permissions, administrators can be confident that this feature won’t allow a user to delete a file they shouldn’t be able to delete. Cerberus FTP runs as a specific service user account, so AD users may have file system level access issues. Administrators may want to disable this feature via a new checkbox for these users.
Web Client User Experience
This new feature changes the Web Client user’s public share workflow. Once the user starts the share process by selecting the file or folder to be shared the share wizard will appear. This dialog titled “Share the Selected Item?” has a new checkbox option on the second tab, Options / Clean Up / “Delete Shared Files on Expiration”.
As seen above, the wizard will warn and alert the user that their files being shared will be removed when the share expires.
Managing public shares is similar in function to before. On the Share page, a Web Client user may view their shares, with the highlighted trash can icon signifying that the files will be deleted on expiration. This new setting can be modified by clicking on either the blue edit button, or choosing the “Edit Link” dropdown option, then toggling the “Delete File On Expire” checkbox.
In addition to the original “Revoke Link” option, there is a new option to “Revoke Link & Delete Files” that removes a public share when it’s no longer needed and removes the corresponding files at the same time. Selecting ”Revoke Link” will behave as before, but the new “Revoke Link & Delete Files” option will attempt to delete the contents of the share.
Cerberus FTP will attempt to confirm that this revoke was intentional and not a miss-click. After which, a deletion attempt will be made in the context of the Web Client user account, such that if the permission of the virtual directory does not allow deletions, the files will not be deleted. Cerberus FTP will remove the public share in either case, but provide an error notifying the user that they did not have permission to delete the files themselves.
User Manager Administrator UI Update
This feature has a two part change for Cerberus FTP administrators. First, the auto delete feature of public shares has changed from a system account / service attempt where it had full permission to delete files to a user permission deletion attempt: the Web Client user that created the public share must have the necessary virtual directory permissions for deletion. This is in line with making the Cerberus FTP managed file system more secure.
The figure above shows an example of searching for “paul.” All instances of account names containing “paul” are shown, and filtered from the total users. In addition, the account “aaa” is included, which contains “paul” in its email address. This is newly added to the filter as part of this feature.
Listener Administrator UI Update
From the User Manager / Public Shares page, we have two UI modifications. First is the addition of a checkbox in the “Default Public Share Settings” area for “Allow AD users to delete files on expiration.” Due to how AD users are implemented, Cerberus FTP is unable to fully impersonate the file system restrictions an AD user may have. Thus, some of the file system permissions and access restrictions may not be available to the service account running Cerberus FTP. The deletion attempts by this service user may not consistently succeed depending on the current network and user configurations. If this is an issue, checking this box will remove the delete files feature from expiring public shares for AD users.
The second change is to add the button to “Revoke Share & Delete Files.” This has the same behavior as the Web Client. The share will be removed either way, but with this option, files will be deleted based on the user’s virtual directory permissions.
Conclusion
Version 12.11 of Cerberus FTP introduces a way for Web Client users to delete the files from a public share after expiration automatically. This new way for users to clean up after themselves makes storage space maintenance easier for both users and administrators.
If you have any other questions or concerns, please contact us and give us feedback on your Cerberus FTP Server experience.