I've set up an sftpusers group on my CentOS box and am using the internal SFTP service to allow users to upload files to a chroot-configured directory.
The owner of the directory is root, and its group is sftpusers, and they have read/write permission on it which allows them to upload files via SFTP.
What I'd like is to disallow the deletion and reading of remote files straight after they upload them, so that anything they upload is stuck there permanently, and other people using the same login can't read or delete each other's files.
So my questions:
1) Is there a way to do this using simple permissions?
2) Is there a way to set the "default permissions" of any files uploaded by a member of sftpusers group? So that once they upload a file it is automatically un-readable or whatever?
3) Is there otherwise a way to do this which doesn't involve a cron script running every minute or whatever to change the permissions?
4) Is there a way to run a script (or otherwise trigger some event) straight after a file finishes uploading? Some kind of "onFileFinishUpload" event type thing I can hook into somehow?
Cheers!
Wonderful and informative response; thank you. I will explore the options but this certainly gives me more than enough to go on with. I hope this post serves future users well, too. Cheers! – Robert Hawkins – 2012-09-01T23:41:18.220
As an update, I noticed that the internal-sftp subsystem doesn't seem to support the -u parameter. I'm using internal-sftp because this was reportedly simpler to set up with an sftp-only chroot configuration. I saw this patch which adds a -u option for internal-sftp... but do you think it would be difficult to switch to /openssh/sftp-server? – Robert Hawkins – 2012-09-02T00:06:36.027
Specifying user for ftp (at least in vsftpd) I believe ONLY works for anonymous uploads, not for uploads by a system user. – Buttle Butkus – 2012-11-15T06:19:07.477