Do I have an option to forbid a user group or a sftpuser to set chmod +x?

The user shall be allowed to upload media files, but no php scripts to run for example.

ledy
  • If the user has access to your machine then the user is able to run chmod. You could use AppArmor to prevent a syscall that is triggered by chmod, but then it might destabilize your system. You can try and set the umask to the uploading directory as it suits you. – Valentin Bajrami Jan 17 '13 at 08:22
  • PHP scripts don't need to have the executable bit set to be interpreted (in most cases). – faker Jan 17 '13 at 08:29

1 Answer

Yes: you can use a dedicated partition for sftpuser.

Once done, just disable executables on this partition ("noexec" in /etc/fstab).

This would look like:

/dev/examplevg/sftpuser        /home/sftpuser                   ext3    defaults,noexec 1 2

Note that you also have to chroot sftpuser, and since sftpuser just needs to upload php files, it is also a good idea to restrict the account to sftp: chroot + only sftp
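
A check for the noexec mount described in the answer above, as an added example that is not part of the original answer: it finds the mount that covers a path in /proc/mounts-format input and tests its options for noexec. The function names and the sample mount table are constructed for illustration; only the /home/sftpuser entry mirrors the fstab line above.

```shell
#!/bin/sh
# Added example: verify that the filesystem holding a path is mounted noexec.
# Input format is that of /proc/mounts: device mountpoint fstype options dump pass.
# Paths are compared as strings, so pass a canonical path (no symlinks).

# Constructed sample data, not from a real host. Only the /home/sftpuser
# entry mirrors the fstab line in the answer; the rest are assumptions.
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev 0 0
/dev/examplevg/sftpuser /home/sftpuser ext3 rw,noexec,relatime 0 0
EOF
}

# mount_options PATH [MOUNTS_FILE]   ("-" reads the table from stdin)
# Prints the options of the longest mount point that is a prefix of PATH.
mount_options() {
    awk -v p="$1" '
        {
            mp = $2
            # Covered if identical, if the mount is "/", or if PATH starts with mp + "/".
            if (mp == p || mp == "/" || index(p, mp "/") == 1) {
                # ">=" lets a later line for the same mount point (an overmount) win.
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { if (opts != "") print opts; else exit 1 }
    ' "${2:-/proc/mounts}"
}

# is_noexec PATH [MOUNTS_FILE]
# Returns 0 if noexec is set, 1 if it is not, 2 if no mount covers PATH.
is_noexec() {
    opts=$(mount_options "$1" "${2:-/proc/mounts}") || return 2
    case ",$opts," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on the constructed table: the upload directory inherits noexec.
sample_mounts | is_noexec /home/sftpuser/uploads - && echo "noexec is set"
```

On a live host, call `is_noexec /home/sftpuser` with no second argument to read /proc/mounts. The option only blocks direct execution of files on that mount; as the comment above points out, PHP scripts are interpreted without the executable bit.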