2
I'm setting up the SFTP with different users. I simply need to strict some users to be given stricted Folder Access.
/project/workarea/*X to be able to access only: /project/workarea/room-x/*X should not be able to access other FTP directories above.The problem is about X User only. (Folder Restriction Issue)
How to configure it please?
夏期劇場
Posted 2012-12-27T06:40:36.347
Reputation: 539
1
This is the process for constraining users to specific folders over sftp.
The first step is to use the internal sftp service within sshd, by editing /etc/ssh/sshd_config. Change it so it looks like this:
# Subsystem sftp /usr/lib/misc/sftp-server
Subsystem sftp internal-sftp
At the end, add the following, which will constrain users of the 'sftpusers' group to their home folder only:
Match Group sftpusers
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
%h represents their home directory.
Add user x to the sftpusers group:
useradd -G sftpusers x
Now edit /etc/passwd for user x so that their home directory is the folder they are allowed to access and also change their shell to nologin to prevent shell access:
x:x:1000:1000::/project/workarea/room-x/:/sbin/nologin
Paul
Posted 2012-12-27T06:40:36.347
Reputation: 52 173
Should the general users only have access to the Main FTP Directory, or do they have access to other directories as well? Should user X have access to any other directories outside of the /project directory? – Paul – 2012-12-27T09:03:02.617
Hi Paul, as i stated clearly above, general users will access
/project/workarea/*and onlyXuser will access only/project/workarea/room-x/*(onlyroom-xfolder and below. Not above). (Please mind the asterisks*also.) Just only to consider the issue withXuser. (No need to consider about general users and their permissions, whatever they have. You can ignore.) – 夏期劇場 – 2012-12-28T05:16:51.107