I have an SFTP server on CentOS 7.4 (through the standard sshd), and I want to adjust the server so that users can download files in their directory, delete files in their directory, but cannot upload new files or overwrite files.
I can use chmod to set rw, but I don't want users to be able to upload new files or modify them, just download them.
Is there any trick I can use here? (Seems like most people want to block deletions, and allow additions / modifications, I want the opposite.)
I also have SELinux enabled and functioning, if that helps as well.
The closest I've gotten is chmod 555, chown for the user, but then I can't delete the file, only read it. If I chmod 755 to the directory, I can read and delete files, and I cannot modify existing files, but I can still add new files.
Also, appropriate portion of my /etc/ssh/sshd_config:
Match Group sftpusers
ChrootDirectory /zfspool/sftp/%s
ForceCommand internal-sftp
Everything else is default. The SFTP server is:
Subsystem sftp /user/libexec/openssh/sftp-server
So adding that -P write to my sshd_config didn't work, does it have anything to do with the ForceCommand internal-sftp/chroot? – Der Kommissar – 2018-06-29T18:23:08.910
indeed: updated my answer to move -P write to internal-sftp directive. – tonioc – 2018-06-30T10:43:44.057
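Why the placement matters, as an added example that is not code from the question, the answer or OpenSSH: when a Match block sets ForceCommand internal-sftp, that command replaces the Subsystem command for matching sessions, so a -P option on the Subsystem line never reaches them. The function names are hypothetical and both sample configs are constructed from the question's lines.

```python
import shlex

# Constructed sample built from the question's lines: -P write sits on the
# Subsystem line only, while the Match block forces plain internal-sftp.
SAMPLE_BEFORE = """\
Subsystem sftp /user/libexec/openssh/sftp-server -P write
Match Group sftpusers
    ChrootDirectory /zfspool/sftp/%s
    ForceCommand internal-sftp
"""
# Constructed sample: -P write moved onto the ForceCommand directive.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "ForceCommand internal-sftp", "ForceCommand internal-sftp -P write")

def denied_requests(command):
    """Return the request names given to -P in an sftp-server command line."""
    args, denied = shlex.split(command), set()
    for i, arg in enumerate(args):
        if arg == "-P" and i + 1 < len(args):
            denied.update(args[i + 1].split(","))
        elif arg.startswith("-P") and len(arg) > 2:   # -Pwrite,setstat form
            denied.update(arg[2:].split(","))
    return denied

def effective_sftp_commands(config_text):
    """Map 'global' and each Match line to the command an SFTP session runs."""
    sections, current = {"global": {}}, "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            current = line
            sections[current] = {}
        elif keyword == "subsystem" and value.lower().startswith("sftp "):
            sections[current]["subsystem"] = value.split(None, 1)[1]
        elif keyword == "forcecommand":
            sections[current]["forcecommand"] = value
    glob = sections["global"]
    # ForceCommand (Match block first, then global) replaces the Subsystem command.
    return {name: sec.get("forcecommand") or glob.get("forcecommand")
            or glob.get("subsystem", "") for name, sec in sections.items()}

def writes_blocked(config_text, section):
    """True if the session command for this section denies the write request."""
    return "write" in denied_requests(effective_sftp_commands(config_text)[section])
```

Denying write does not deny open, so a client can still create an empty file or truncate an existing one when it opens it; sftp-server -Q requests lists the request names that -P accepts.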