CloudShark Support

CloudShark Users and Groups

The User Model

CloudShark supports three different user models, each providing a distinct level of access:

  • Guest access disabled: users must be logged in to upload and view capture files. By default guest access is disabled. Note that a guest is considered any visitor without a CloudShark user account. With guest access disabled, all users must log in to view or upload capture files.
  • Guest access enabled, view only: guests are allowed to view capture files that have been made public by CloudShark users. In this mode guests are not allowed to upload capture files.
  • Guest access enabled, view and upload: guests are allowed to upload capture files in addition to viewing capture files that have been made public by CloudShark users.

All non-guest users are authenticated against CloudShark’s local database or optionally against an external authentication server, as discussed in the next section.

User Authentication

CloudShark’s user and group management policy utilizes a hybrid of local and external authentication. The CloudShark user model supports local authentication using the CloudShark database or external authentication using network directory information services such as LDAP, ActiveDirectory, Kerberos, or Single Sign-On using SAML. CloudShark also maintains group membership locally or accesses group membership information using the same network directory information services.

Local and external authentication modes may be used simultaneously allowing some users to be local while others exist externally. By default external authentication is disabled. External authentication can be enabled system wide in the Authentication page of the Administration menu.

More information on configuring the CloudShark appliance for external user authentication can be found in the Configuring CloudShark for External User Authentication article.

Admin and Guest Users

The admin and guest users are special system user accounts that cannot be deleted. The admin user has full administrative control in CloudShark and can modify system wide preferences and all aspects of any file on the system. The admin user’s full name and password can be modified by editing the admin account on the User page of the Administration menu.

The guest user is a restricted, non-login account that is completely disabled by default. Guest access can be enabled by selecting the Guest Access: Allow visitors to view shared files without having to log-in option on the Settings page in the Administration menu. When guest access is enabled, guest upload functionality can also be enabled. By default guests are not allowed to upload files to CloudShark. Selecting the Guest Upload: Allow guests to upload & view captures option on the Settings page of the Administration menu enables guest upload functionality.

With guest access enabled, anonymous users are able to view and optionally upload files into CloudShark and access them in the decoder window. After a file is uploaded, the URL is listed. An anonymous user must retain this link, since only users with accounts may access the capture file index. When guest access is enabled, CloudShark users also have the option of making select capture files Public, which allows anonymous users to view the files without having to log in to the system.

Groups

Users can also be organized into groups. By default CloudShark is configured with a single Admin group containing a single user (the admin user, discussed in the previous section). CloudShark groups exist locally on the system. Group members can be a mix of local users, external users, and external groups. Specifying an external group implies that only external users that are members of that external group will have group level access.

Users can also belong to multiple groups. A user can assign a capture file to any one group they are a member of. The admin user and members of the Admin group can also assign any capture file to any group. In either case, the owner of the file will retain ownership and the group will inherit whichever permissions have been set by the owner or by any admin users.

Users within a group have either read-only or read-write permissions for capture files shared with that group. Non group members have no permissions and are not allowed to view the capture file unless guest access has been enabled and the file is made public. The admin user and members of the Admin group always have full access to all capture files, regardless of ownership.

To create a new Group, click the Add a New Group button. Local users can be added to a group when the group is initially created (if the user already exists) or after the fact from the Users page in the Administration menu. External users can only be added to the group from the Users page in the Administration menu.

Note that external users will not appear on the Users page until they have logged in to the system at least once or an Admin user creates them.

Sharing

By default, a capture file in CloudShark can only be viewed by the owner and members of the Admin group. The owner and members of the Admin group always have read-write permissions. Capture files can be shared with other users one of two ways.

Group Access

Owners and admin users can share capture files with CloudShark groups. A capture file can be associated with at most one CloudShark group. The file owner can only share a capture files with groups to which they belong; admin users can share capture files with any group. By default, shared capture files are read-only for group members. This means that annotations, tags, and comments are not editable by group members. Files can be made writable by group members by clicking the Info button on a capture file, accessing the Sharing tab, and changing the setting to Read/Write. This will allow group members to edit the file. Note that group members are still not allowed to delete the file. This permission is always reserved for the owner, the admin user, and members of the Admin group. Users can share all of their capture files with a default group on the My Account page in the Preferences menu in the top right corner.

Public Access

Capture files can be made “public” if the global guest access setting is enabled on the Settings page in the Administration menu. To make a capture file public, the owner or an admin can select the Share with Guests option in the File Info pop-up for a specific capture file. The URL for a public capture file can then be shared and will be viewable (read-only) by anyone without requiring authentication on the CloudShark system. If an admin globally disables guest access, all public capture files will no longer be public and will require user authentication before they can be viewed. Public capture files will be shown in each users capture list when they log in. If users should not be able to view all of the public capture files on CloudShark this can be disabled on the Administrator Settings page.

User Defaults

Users can be created both manually by an administrator or automatically when external authentication is enabled and an external user logs in for the first time. To modify the default user settings click on the Edit User Defaults button on the Users page.

These settings will only be applied to new user accounts that are created. They will not be applied to any existing users.

The following user settings can have default values applied for newly created users:

Group Membership

New users can automatically be added to an existing group with specific sharing settings.

If Guest Access is enabled on the Administrator Settings page then a users uploads can also be shared publicly by default.

Quotas

If User Quotas are enabled then a new user can also be created with a default quota. If no value is specified for the storage or upload limit then that type of quota will not be enabled.

User API Tokens

An API Token can also be automatically created when a new user is created.

First-Login “Splash Page”

When a user logs into CloudShark for the first time, they can be redirected to any URL the administrator chooses to show them. This may be useful for supplying additional instructions or tutorials, terms of service of the server, or a variety of other reasons.

The URL should include the scheme (http:// or https://) if you are redirecting the user to another server. Click on the “check url” link to make sure the redirection goes where you expect it to.

About CloudShark

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.

Get in touch via our Contact us page or by following us on your favorite service: