Shares

Secure File Sharing

Securely sharing directories from individual servers or desktops has never been simpler. No VPN, no ransomware. No client to install.

Theory of Operation

General Steps

The Secure File Sharing is facilitated by an Agilicus Connector on the host(s) you have files you wish to access. Creating this is very simple, the only configuration option is a name.

Once the Connector is installed, you can later add new directories to share, modify who has access, and remove the share entirely, all from the admin user interface. The Connector will automatically keep itself up to date and pick up new configuration. Set it and forget it.

To create a new Share, you will walked through the steps in the Admin web interface. First, select the Connector you have previously installed. You may have multiple shares on the same Connector.

Now we give the Share a web URI name. This is something that will show up for the end-user, they will be given instructions to mount something like https://file…/NAME.

You must also configure a globally-unique name for this Share. You will see this in the Administrative interface, in the audit interface, etc. These may be the same if you wish.

We will now supply a “Local directory”. This is the directory on the machine the Agent Connector is installed on. See the note below on permision, it is important that the Agent Connector have access to it.

At this stage we are complete. As an administrator you will be given instructions on how to mount the Share, which you may use to test it is working correctly. Generally, each user in your organisation will use Profile in order to request and use a Share.

To mount the Share, there are 3 parameters:

• URL. This will look like https://files.YOURDOMAIN/URI-NAME
• Username: this will be the email-address you use with the Agilicus system (e.g. your Active Directory login, your Google Login, etc)
• Password: this will be an access token. This is generated for each user independently. End users may request access, or request an Access Token via Profile.

The Profile interface will give these parameters to each user.

Permissions, Access Control

Permissions work similarly to Applications. Each Share has 3 main permissions (Owner, Editor, Viewer). Users may be individuall granted permissions per share, or, Groups may be used. We recommend Group-based access.

Access Request

Linux Specific

Permissions

The Agilicus Connector runs as an unprivileged system user. This means that, by default, it will not have permission to read files in a shared directory created by you. To give it access, create a group whose purpose is to group users who have permission to read and write shared files on the machine. Add the agilicus user to the group, then give that group permission to access the shared folder.

# Set up the shares group and add the agilicus user to it
sudo addgroup shares
sudo usermod -a -G shares agilicus

# Configure the share and all files within it to allow access to the shares group
sudo chgrp -R shares my-shared-directory
sudo chmod -R g+srw my-shared-directory

# Ensure files created by the agent and other users have the proper permissions
sudo setfacl -d -m g::rwx my-shared-directory

Windows Specific

A Share may be mounted using the Windows Explorer, just like any other Share. No special software needs to be installed. You will need the 3 parameters

Automatic Mounting

For end users with the Agilicus Launcher installed on the desktop, a Share can be automatically mounted/refreshed. This is particularly useful in conjunction with Multi-Factor authentication. In those mode, a ‘drive-letter’ or ‘mount path’ is configured as per below image, and the Share will automount for each user.