...
Setting | Config File Parameter | Config File Default Value | Config File Possible Values | Description |
---|---|---|---|---|
Maintenance Folder Path *Cannot* be changed with reload (requires restart) | | | | Shows the current location of the Server Maintenance Folder. |
Maintenance Folder ID *Cannot* be changed with reload (requires restart) | plugin.server.maintenancefolderid | | | Defines the ID of the Server Maintenance Folder. Please only modify the value if preparing the servers to run in a high availability setup. |
Cluster Config Synchronisation Setting not yet available via web *Cannot* be changed with reload (requires restart) | config.cluster | true | | Enables synchronisation of cluster settings via Server Maintenance Folder (Cluster.config). |
...
Setting | Config File Parameter | Config File Default Value | Config File Possible Values | Description |
---|---|---|---|---|
Database user account defaults | | | | A link to the profile for database users. |
LDAP user account defaults | | | | A link to the profile for LDAP users. |
RADIUS user account defaults | | | | A link to the profile for RADIUS users. |
Account validity (days) | server.register.os.days | -1 | | Defines the default number of days a new account should be valid. |
Register language Setting not yet available via web | server.register.language | Not set, uses system language | See description | Can be set to a two-letter language code to set the language for new accounts, e.g. server.register.language=de |
Login script to use | login.script | | | Will be executed after each user login / authentication via client or web portal. Example: login.script=http://myserver/process_login.php The server will add an entry to the log stating whether the script was executed successfully or not. On Linux it's possible to pass messages to stdout and stderr, so they will be added to the logs. Example: |
Wait for login script | login.script.wait | false | | Controls if other server processes will wait for the login script to finish. |
Login type to use | server.username.isemail | both | | Controls: The setting also applies to LDAP, so users are forced to use either the mail or userPrincipalName attribute (or any other attribute including an email-like value) if |
Invites per email | server.invite.validate_email.enabled | | | Controls that invitations are only sent to email addresses, not to usernames. |
Message if user account has expired | server.register.account_expired | Your account is invalid | | A message to the user, if his/her account has expired. |
Message if user account is not yet valid | server.register.account_not_yet_valid | Your account is not valid yet | | A message to the user, if his/her account is not yet valid. |
...
Web Setting | Config File Parameter | Config File Default Value | Config File Possible Values | Description |
---|---|---|---|---|
Enable RADIUS authentication | | | | Controls if RADIUS support will be enabled in the server. |
RADIUS hostname | radius.server | | Example: | Specifies the hostname and (optional) port for the RADIUS server. |
RADIUS shared secret | radius.sharedsecret | | | Specifies the shared secret for communication with the RADIUS server. |
RADIUS protocol | radius.auth | PEAP | | Specifies the protocol to use for communication with the RADIUS server. |
RADIUS timeout | radius.timeout.seconds | 30 | | Specifies when RADIUS server communication should time out. |
...
Web Setting | Config File Parameter | Config File Default Value | Config File Possible Values | Description |
---|---|---|---|---|
Enable Shibboleth authentication | shibboleth.enabled | false | | Controls if Shibboleth support will be enabled in the server. |
Federation Metadata URL | shibboleth.metadata.url | | | Defines the URL to receive the Metadata from. |
Discovery Feed URL | shibboleth.serviceprovider.url | | | Defines the URL to the Discovery Feed. |
Enable organization mapping | shibboleth.create.organizations | true | | Controls if Shibboleth organizations should be mapped to PowerFolder organizations. |
Organization attribute | shibboleth.organizations.attribute | o | | Defines the organization attribute. |
Auto-create organizations on login | shibboleth.create.organizations | true | | Controls if organizations are created automatically on login. |
Session-Identifier (ID) attribute | shibboleth.attribute.sessionid | Shib-Session-ID | | Defines the Session-Identifier attribute. |
Persistent-Identifier (ID) attribute | shibboleth.attribute.persistentid | persistent-id,uniqueID | | Defines the Persistent-Identifier (ID) attribute. |
Username attribute | shibboleth.attribute.username | eppn,EPPN,eduPersonPrincipalName | | Defines the Username attribute. |
Mail attribute | shibboleth.attribute.mail | mail,email | | Defines the Mail attribute. |
Match accounts by mail attribute | shibboleth.accounts.match_email | true | | Controls if accounts are matched by mail attribute. |
Given name attribute | shibboleth.attribute.givenname | givenName | | Defines the Given name attribute. |
Surname attribute | shibboleth.attribute.surname | surname,sn | | Defines the Surname attribute. |
Expiration attribute | shibboleth.attribute.expiration | | | Defines the Expiration attribute. |
Custom attribute 1 | shibboleth.attribute.custom1 | affiliation,eduPersonScopedAffiliation | | Defines the Custom attribute 1. |
Custom attribute 2 | shibboleth.attribute.custom2 | | | Defines the Custom attribute 2. |
Custom attribute 3 | shibboleth.attribute.custom3 | | | Defines the Custom attribute 3. |
Discovery feed URL | server.idp.disco_feed.url | | A valid URL. | Loads the identity provider list from this URL. Identity providers are selectable by end-users for login. |
Names of external organizations | server.idp.external_names | | | Defines the names of external organizations added to the identity provider list loaded from the discovery feed. Selecting any organization of this list during login will authenticate the user against non-SAML sources, such as LDAP, Database or RADIUS if set up. If an exclamation mark is added in front of the organization name, password recovery won't be available for that organization (e.g. LDAP). |
...
Web Setting | Config File Parameter | Config File Default Value | Config File Possible Values | Description |
---|---|---|---|---|
Storage migration during uptime | Defaultstorage | pathfoldersbase | Example: foldersbase=D:\PowerFolders .stickyness.accounts= | Controls that the base path of the folder can be updated in server uptime |
Folders remain in a same base path | folder.storage.path.check= | true | | Controls that the user folder will remain in the same folder base path when more than one base path is available in a cluster or on a single server. |
Default storage path | foldersbase | | Example: | The directory on your disk, which is used by PowerFolder Server to store new folders. |
Add new folders in the default storage path automatically | look.for.folder.candidates | false | | Controls if a new folder in the default storage path should be automatically managed by the server. |
Create user-based directory scheme | create.folder.path.pattern | $username/$foldername | Example: | Sub-directory pattern relative to the folderbase directory of the server. Two placeholders are possible: $username will be replaced by the username of the user who creates a folder. $foldername will be replaced by the name of the folder the user creates. |
Delete non-managed folders from default storage path | plugin.server.folders.auto_remove | false | | Controls if the server should move unused folders (not assigned to any existing user) from its folderbase to a sub-directory in the folderbase, which is called BACKUP_REMOVE. The check runs every hour. The contents of the BACKUP_REMOVE directory have to be deleted manually. |
Move folders to backup directory when users delete them | server.folders.delete_data | true | | Controls how to handle removals of folders by a user (owner or admin of a folder) in the client or the web interface. By default the server moves the contents/files to a directory called |
Mount folders dynamically in high-availability setups *Cannot* be changed with reload (requires restart) | folders.mount.dynamic | false | | Controls if folders will only be actively managed if the folder is really served by the same node. Not compatible with create.folder.use.existing=FALSE. Data loss occurs! |
Use existing folders with the same name | create.folder.use.existing | true | | Controls if the server should delete an existing folder if a client tries to create a new one with the same name. Otherwise the server creates new empty directories appending numbers, like (2),(3),... Does not back up the contents of the existing folder if enabled. |
Preserve NTFS filesystem permissions | folder.copy_after_transfer.enabled | false | | Controls if a transferred file is moved from the temporary transfer directory. If enabled, the transferred file will be copied and deleted from the temporary transfer directory. |
Use filesystem API to watch for changes *Cannot* be changed with reload (requires restart) | folder.watcher.enabled | true | | Controls if folder changes will be recognized using filesystem APIs. If disabled, changes will be detected only if the folder is accessed by a client. |
Recovery of 0 byte files and deleted files by server | recover.zero_byte.files | Default in PowerFolder version 10.6/11 is | | Gives users the option to recover 0 byte files and deleted files by PowerFolder server. |
Setting not yet available via web | storage.stickyness.accounts | false | | Keeps a user account on the same storage path, if multiple storage paths are configured. |
Storage Path Check | folder.storage.path.check folder.storage.path.report | false | | Checks periodically if the folder path on server storage is still correct for this user. E.g. if the ownership rights of a folder are transferred to another user, this function moves the folder into the correct directory on the server to keep the data structure clear for administrative purposes. folder.storage.path.report is a demo mode only: it writes the log entries but doesn't move files or folders. Available with version 11.4 or higher |
...
Web Setting | Config File Parameter | Config File Default Value | Config File Possible Values | Description |
---|---|---|---|---|
Setting not available via web for security reasons! | security.permissions.server_admin_folder_access | true | | Defines if an Administrator is allowed to access all folders of a server installation. If set to |
Automatically remove folders that are not synced to the server | server.sync.mandatory= | true | | Controls that no unnecessary folders are synced to the server. |
Allow passing folder ownership | folder.change_owner.allowed | true | | Controls if it is allowed to change the owner of a folder. |
Enable folder admin role | security.permissions.show_folder_admin | true | | Controls if the ADMIN permission on folder level should be available in the web interface and clients. Existing permissions will be left untouched when changing the value. |
Enable group admin role | security.permissions.group_admin.enabled | true | | Controls if group admin role is enabled. Version: 10 SP3 |
Enable folder sharing | server.invite.enabled | true | | Defines if it should be possible for users to invite other users to their folders. |
Enable accepting new folder shares | folder.agree.invitation.enabled | false | | Controls if users need to accept invitations first, before they are added to the members list and have the folder listed under their folders. |
Enable link sharing | web.public.allowed | true | | Controls if it's possible to share public links. |
Allow sharing on social networks | social.networks.enabled | true | | Controls if sharing on social networks is enabled. Version: 10 SP3 |
Folder delete permission | security.folder.delete.permission | ADMIN | | Defines minimum right for folder deletion. Version: 10 SP3 |
File history restore permission | security.folder.archive.permission | READ_WRITE | | Defines minimum right for restore. Version: 10 SP3 |
Permission for shared folder via profiles | security.folder.shared.permission | READ_WRITE | | Defines default right for folders shared via profile. Version: 10 SP3 |
Highest permission for limited users | security.folder.limited_user.permission | READ | | Defines highest possible permission for limited user. Version: 10 SP3 |
Setting not yet available via web | security.web.csrftokens.enabled | true | | Activates the CSRF protection. Version: 10 SP4 Starting with PowerFolder version 10 SP6 this CSRF-config-entry has been removed. By default it is now always enabled. |
...
Web Setting | Config File Parameter | Config File Default Value | Config File Possible Values | Description |
---|---|---|---|---|
Allow organization admin access to folders | security.permissions.org_admin_folder_access | true | | Defines if an Administrator of an organization is allowed to access all folders of a server installation. If set to |
Allow organizations created by users | web.org.create_by_user | false | | Controls if a user is allowed to create an own organization. |
Maximum number of users in organization | server.register.org.max_users | 999 | Number between 0 and 999 | The maximum number of users in an organization created by a user. Must be less than the number of users of your license. |
Setting not yet available via web | server.register.org.inherit | true | | If changed to server.register.org.inherit=false, a newly invited user does not belong to the same organisation as the inviter. |
File Link Security
Note |
---|
These settings are available in PowerFolder Server version 10.5 SP5 and 11 |
Web Setting | Config File Parameter | Config File Default Value | Config File Possible Values | Description |
---|---|---|---|---|
Create random file links | file_link.random_ids.enabled= | true | | Allows users to always create a new random file link after deletion of the old one. |
Validity time default (days) | file_link.validity.default | | | Set a default value of days a newly generated file link should be valid. Remove value if no default should be specified. |
Validity time maximum (days) | file_link.validity.maximum | | | Set a maximum value of days that can be set for file links. If no default value is specified, the maximum value will be taken as default. Remove value if no maximum should be specified. Also sets the maximum validity of Upload Forms. |
Number of downloads default | file_link.max_downloads.default | | | Set a default value of downloads for a file link. Remove value if no default should be specified. |
Number of downloads maximum | file_link.max_downloads.maximum | | | Set a maximum value of downloads for a file link. If no default value is specified, the maximum value will be taken as default. Remove value if no maximum should be specified. |
Password Policy | file_link.password_policy | OPTIONAL | | Specify if a password is |
Allow Upload Links | file_link.allow_uploads | false | | Allows external users to upload files in generated file links without registration. Available with version 11.4 or higher |
Setting not yet available via web *Cannot* be changed with reload (requires restart) | file_link.upload_mails | | Valid mail address | Allows the server administrator to monitor the usage of the upload forms feature. A mail is sent to the specified mail address when a user uploads any data to an upload form. Available with version 11.4 or higher |
Validation days for file upload links | file_link.validation_days | 1 | | Sets validation days for upload links. |
...
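Several constraints in the tables above can be checked mechanically before a config change is rolled out: the folders.mount.dynamic / create.folder.use.existing incompatibility, the 0 to 999 range of server.register.org.max_users, and upload links enabled without a file_link.upload_mails monitoring address. The following is an added example, not PowerFolder's own code; the function names, the plain key=value file syntax (taken from the page's inline examples such as server.register.language=de) and the rule that a file link default must not exceed its maximum are assumptions of the example.

```python
# Added example (not PowerFolder code): lint a key=value config file.
# Default taken from the table on this page; other keys are treated as unset.
DEFAULTS = {"server.register.org.max_users": "999"}

def parse_config(text):
    """Parse key=value lines; skipping '#' comments is an assumed syntax."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def lint(settings):
    """Return (key, message) findings for constraints stated on this page."""
    def get(key):
        return settings.get(key, DEFAULTS.get(key, "")).strip()
    found = []
    if (get("folders.mount.dynamic").lower() == "true"
            and get("create.folder.use.existing").lower() == "false"):
        found.append(("folders.mount.dynamic",
                      "not compatible with create.folder.use.existing=false"))
    users = get("server.register.org.max_users")
    if not (users.isdecimal() and int(users) <= 999):
        found.append(("server.register.org.max_users", "must be 0 to 999"))
    # Assumption of this example: a default above its maximum is an error.
    for name in ("validity", "max_downloads"):
        default = get(f"file_link.{name}.default")
        maximum = get(f"file_link.{name}.maximum")
        if (default.isdecimal() and maximum.isdecimal()
                and int(default) > int(maximum)):
            found.append((f"file_link.{name}.default", "exceeds maximum"))
    if (get("file_link.allow_uploads").lower() == "true"
            and not get("file_link.upload_mails")):
        found.append(("file_link.allow_uploads", "file_link.upload_mails unset"))
    return found

SAMPLE = """# constructed sample, not a real server config
folders.mount.dynamic=true
create.folder.use.existing=FALSE
server.register.org.max_users=1500
file_link.validity.default=90
file_link.validity.maximum=30
file_link.allow_uploads=true
"""

if __name__ == "__main__":
    for key, message in lint(parse_config(SAMPLE)):
        print(f"{key}: {message}")
```
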