Group Management

Groups in CompleteFTP provide an efficient way to manage permissions and settings for multiple users simultaneously. Instead of configuring each user individually, you can assign users to groups and manage permissions at the group level.

Overview

CompleteFTP group management includes:

Group creation - Creating and configuring user groups
Member management - Adding and removing users from groups
Permission inheritance - How group settings affect member users
Group-based access control - Using groups for folder permissions
Administrative efficiency - Simplifying user management through grouping

All group operations use the completeftp group command group.

Understanding Groups in CompleteFTP

Group Purpose

Groups serve several important functions:

Permission management - Apply consistent permissions to multiple users
Administrative efficiency - Manage many users through group membership
Access control - Control folder access based on group membership
Organizational structure - Reflect company departments or roles
Scalability - Easily manage growing numbers of users

Group vs. Individual Settings

Group settings - Applied to all group members
Individual settings - Override group settings for specific users
Inheritance - Users inherit group permissions and settings
Precedence - Individual user settings take priority over group settings

Viewing Group Information

List All Groups

# List all groups
completeftp group list

# Show group details in list format (requires specific group name)
completeftp group show <groupName>

Show Group Details

# Show details of a specific group
completeftp group show developers

# Show multiple groups (must be done separately)
completeftp group show developers
completeftp group show managers
completeftp group show users

Creating and Managing Groups

Creating Groups

# Create a simple group
completeftp group add developers

# Create group with initial members
completeftp group add marketing alice bob charlie

# Create multiple groups
completeftp group add developers
completeftp group add managers
completeftp group add contractors

Removing Groups

# Remove a group (members remain, just lose group membership)
completeftp group remove contractors

# Remove multiple groups (must be done separately)
completeftp group remove old_group
completeftp group remove temp_group

Note: Removing a group doesn't delete the users who were members; they simply lose their group membership.

Group Membership Management

Viewing Group Members

# List members of a specific group
completeftp group memberlist developers

# List members of multiple groups (must be done separately)
completeftp group memberlist developers
completeftp group memberlist managers

Adding Members to Groups

# Add a single user to a group
completeftp group memberadd developers alice

# Add multiple users to a group
completeftp group memberadd developers bob charlie diana

# Add user to multiple groups
completeftp group memberadd developers alice
completeftp group memberadd managers alice
completeftp group memberadd users alice

Removing Members from Groups

# Remove a single user from a group
completeftp group memberremove developers alice

# Remove multiple users from a group
completeftp group memberremove developers bob charlie

# Remove user from multiple groups
completeftp group memberremove developers alice
completeftp group memberremove managers alice

Group-Based Access Control

Groups are primarily used for folder access control in CompleteFTP's virtual file system.

Folder Permissions with Groups

# Set group as folder owner
completeftp folder chown /Projects group developers

# Set folder permissions for a group
completeftp folder chmod /Projects group rwx

# Set different permissions for different groups
completeftp folder chown /Marketing group marketing
completeftp folder chmod /Marketing group rw

completeftp folder chown /Public group users
completeftp folder chmod /Public group r

Permission Types

Available permissions for groups:

r - Read (list files, download)
w - Write (upload, modify files)
x - Execute (access directories)
d - Manage directories (create/delete folders)
i - Ignore filters (bypass file name filters)

Common Permission Scenarios

# Full access for developers
completeftp folder chmod /Development group rwxd

# Read-only access for users
completeftp folder chmod /Documentation group r

# Read-write access for marketing
completeftp folder chmod /Marketing group rw

# Upload-only access for contractors
completeftp folder chmod /Uploads group w

Group Management Workflows

Department-Based Groups

# 1. Create department groups
completeftp group add engineering
completeftp group add marketing
completeftp group add sales
completeftp group add hr

# 2. Add users to appropriate departments
completeftp group memberadd engineering alice bob charlie
completeftp group memberadd marketing diana eve frank
completeftp group memberadd sales george helen ivan
completeftp group memberadd hr jane karen

# 3. Set up department folders with appropriate permissions
completeftp folder add /Departments/Engineering OS path=/var/ftp/engineering
completeftp folder add /Departments/Marketing OS path=/var/ftp/marketing
completeftp folder add /Departments/Sales OS path=/var/ftp/sales
completeftp folder add /Departments/HR OS path=/var/ftp/hr

# 4. Configure folder permissions
completeftp folder chown /Departments/Engineering group engineering
completeftp folder chmod /Departments/Engineering group rwxd

completeftp folder chown /Departments/Marketing group marketing
completeftp folder chmod /Departments/Marketing group rwxd

completeftp folder chown /Departments/Sales group sales
completeftp folder chmod /Departments/Sales group rwxd

completeftp folder chown /Departments/HR group hr
completeftp folder chmod /Departments/HR group rwxd

Role-Based Groups

# 1. Create role-based groups
completeftp group add administrators
completeftp group add power_users
completeftp group add regular_users
completeftp group add read_only_users

# 2. Assign users to roles
completeftp group memberadd administrators admin_alice admin_bob
completeftp group memberadd power_users power_charlie power_diana
completeftp group memberadd regular_users user_eve user_frank user_george
completeftp group memberadd read_only_users readonly_helen readonly_ivan

# 3. Set up role-based folder structure
completeftp folder add /Admin OS path=/var/ftp/admin
completeftp folder add /PowerUsers OS path=/var/ftp/powerusers
completeftp folder add /Users OS path=/var/ftp/users
completeftp folder add /Public OS path=/var/ftp/public

# 4. Configure permissions by role
completeftp folder chown /Admin group administrators
completeftp folder chmod /Admin group rwxdi

completeftp folder chown /PowerUsers group power_users
completeftp folder chmod /PowerUsers group rwxd

completeftp folder chown /Users group regular_users
completeftp folder chmod /Users group rw

completeftp folder chown /Public group read_only_users
completeftp folder chmod /Public group r

Project-Based Groups

# 1. Create project groups
completeftp group add project_alpha
completeftp group add project_beta
completeftp group add project_gamma

# 2. Add team members to projects
completeftp group memberadd project_alpha alice bob charlie
completeftp group memberadd project_beta diana eve alice  # Alice works on multiple projects
completeftp group memberadd project_gamma frank george bob

# 3. Set up project folders
completeftp folder add /Projects/Alpha OS path=/var/ftp/projects/alpha
completeftp folder add /Projects/Beta OS path=/var/ftp/projects/beta
completeftp folder add /Projects/Gamma OS path=/var/ftp/projects/gamma

# 4. Configure project permissions
completeftp folder chown /Projects/Alpha group project_alpha
completeftp folder chmod /Projects/Alpha group rwxd

completeftp folder chown /Projects/Beta group project_beta
completeftp folder chmod /Projects/Beta group rwxd

completeftp folder chown /Projects/Gamma group project_gamma
completeftp folder chmod /Projects/Gamma group rwxd

Advanced Group Management

Hierarchical Group Structure

While CompleteFTP doesn't support nested groups directly, you can simulate hierarchy through naming conventions:

# Create hierarchical group names
completeftp group add company_all
completeftp group add company_employees
completeftp group add company_contractors
completeftp group add engineering_all
completeftp group add engineering_senior
completeftp group add engineering_junior
completeftp group add marketing_all
completeftp group add marketing_managers
completeftp group add marketing_staff

# Add users to multiple groups for hierarchy
completeftp group memberadd company_all alice bob charlie diana
completeftp group memberadd company_employees alice bob charlie
completeftp group memberadd company_contractors diana
completeftp group memberadd engineering_all alice bob
completeftp group memberadd engineering_senior alice
completeftp group memberadd engineering_junior bob

Temporary Groups

# Create temporary groups for specific purposes
completeftp group add temp_project_x
completeftp group add temp_contractors_q1
completeftp group add temp_training_group

# Add members for temporary access
completeftp group memberadd temp_project_x alice bob temp_contractor1

# Set up temporary folders
completeftp folder add /Temp/ProjectX OS path=/var/ftp/temp/projectx
completeftp folder chown /Temp/ProjectX group temp_project_x
completeftp folder chmod /Temp/ProjectX group rwxd

# Clean up when no longer needed
completeftp group remove temp_project_x
completeftp folder remove /Temp/ProjectX

Cross-Functional Groups

# Create cross-functional groups
completeftp group add cross_team_leads
completeftp group add cross_security_team
completeftp group add cross_backup_admins

# Add members from different departments
completeftp group memberadd cross_team_leads eng_lead marketing_lead sales_lead
completeftp group memberadd cross_security_team security_alice it_bob compliance_charlie
completeftp group memberadd cross_backup_admins admin_diana ops_eve

Troubleshooting Group Issues

Common Group Problems

Group Not Found

# Check if group exists
completeftp group list | grep "groupname"

# Create group if it doesn't exist
completeftp group add groupname

User Not in Expected Group

# Check user's group memberships
completeftp group list | while read group; do
  if completeftp group memberlist "$group" | grep -q "username"; then
    echo "User is in group: $group"
  fi
done

# Add user to group
completeftp group memberadd groupname username

Permission Issues

# Check folder ownership and permissions
completeftp folder show /path/to/folder access

# Verify group has correct permissions
completeftp folder show /path/to/folder access.group

# Fix group permissions
completeftp folder chown /path/to/folder group groupname
completeftp folder chmod /path/to/folder group rwx

Group Access Debugging

# Test user access to group-controlled folder
# 1. Check if user is in the group
completeftp group memberlist groupname | grep username

# 2. Check folder group ownership
completeftp folder show /path/to/folder access.group

# 3. Check group permissions on folder
completeftp folder show /path/to/folder access.group.permissions

# 4. Verify user can access the folder
# (This would require testing with actual client connection)

Best Practices

Group Design

Logical grouping - Create groups that reflect real organizational structure
Clear naming - Use descriptive, consistent group names
Minimal groups - Don't create unnecessary groups; keep it simple
Purpose-driven - Each group should have a clear purpose
Documentation - Document group purposes and membership criteria

Membership Management

Regular audits - Review group memberships periodically
Automated processes - Use scripts for bulk operations
Departure procedures - Remove users from all groups when they leave
Temporary access - Use temporary groups for short-term access needs
Cross-training - Ensure multiple people can manage groups

Permission Strategy

Least privilege - Grant minimum necessary permissions
Consistent permissions - Use similar permission patterns across groups
Folder organization - Structure folders to align with group permissions
Regular reviews - Audit group permissions periodically
Change management - Document permission changes and reasons

Operational Efficiency

Standardized procedures - Develop standard processes for group management
Automation - Script common group operations
Monitoring - Track group usage and effectiveness
Training - Ensure administrators understand group concepts
Backup procedures - Document group configurations for disaster recovery

Quick Reference

Group Management Commands

# List groups
completeftp group list

# Show group details
completeftp group show <groupName>

# Create group
completeftp group add <groupName> [users...]

# Remove group
completeftp group remove <groupName>

Member Management Commands

# List group members
completeftp group memberlist <groupName>

# Add members to group
completeftp group memberadd <groupName> <users...>

# Remove members from group
completeftp group memberremove <groupName> <users...>

Folder Permission Commands

# Set folder group ownership
completeftp folder chown <path> group <groupName>

# Set group permissions on folder
completeftp folder chmod <path> group <permissions>

# View folder access control
completeftp folder show <path> access

Permission Types

# Permission letters
r = read (list files, download)
w = write (upload, modify files)
x = execute (access directories)
d = manage directories (create/delete folders)
i = ignore filters (bypass file name filters)

# Common permission combinations
r     = read-only access
rw    = read-write access
rwx   = full file access
rwxd  = full access including directory management
rwxdi = full access including filter bypass

Common Group Patterns


# Department groups
engineering, marketing, sales, hr, finance

# Role groups
administrators, managers, users, contractors, readonly

# Project groups
project_alpha, project_beta, temp_project_x

# Access level groups
full_access, limited_access, read_only, upload_only