[Novalug] SFTP directories

Christopher Jones christopher.donald.jones@gmail.com
Fri Jul 12 10:14:30 EDT 2013


Let's say we have a company with 5 sub contractors. They should only rwx in
a folder they are assigned.

However, 2 other sub contractors need to be able to see the work of all the
other groups.

Sub contractors may have numerous users.

I can do this now but the problem is the sub contractors don't start in
their own folder they start in the chroot above it. They have to cd into
it. They are giving me kickback because they don't want to have to cdir they
just want to drag and drop as soon as they connect.

Is there a directive other than chroot that you can set using Match Group
that just drops them in the write directory? Or a script that can do so?


On Fri, Jul 12, 2013 at 10:02 AM, greg pryzby <greg@pryzby.org> wrote:

> While I *think* I can see the value of what you are doing I question the
> value.
>
> sftp helps address one of the issues w/ ftp-- security. Everything is
> encrypted. Turning off anonymous makes sense also. Now the person using
> sftp is using their unix perms (like ssh) and can see what they see like
> ssh.
>
> Now, if the users don't have local home directories, I see more value.
>
> I would expect that w/ SELinux and sftp if you drop the user in
>    /dir
> they will be able to see and move to their directories and their
> directories only. Setting the group perms for the user and directory should
> do what you want. I think if in /etc/passwd you set their home to
> /dir/subdir that would accomplish the last step, but if they are going to
> locally login it will break their home directory, unless they match.
>
> Enough rambling.
>
> Why are you trying to do this? I think you are over-engineering the
> solution. sftp adds what you probably want/need if the user is allowed
> local login (ssh)
>
>
>
>
> On Fri, Jul 12, 2013 at 9:50 AM, Christopher Jones <
> christopher.donald.jones@gmail.com> wrote:
>
>> I just built an SFTP server and chroot all the users to a directory.
>> Within that directory different users have access to different folders by group.
>> So user1 is chroot to /dir/ and only has access to /dir/subdir1 because it's
>> part of a group subdir1.
>>
>> How can I make it so that the chroot is still there but users start in a
>> sub-directory by group?
>>
>> I don't want to jail them in that sub-directory by group because some
>> users will have to be a member of multiple groups to gain access to the
>> folders.
>>
>>
>>
>> --
>> Chris Jones
>> RHCSA
>>
>
>
> --
> greg pryzby                              greg at pryzby dot org
> http://www.linkedin.com/in/gpryzby
>
> TWTR: gpryzby
> WEB:  http://www.MakeRoomForArt.com/
> BLOG: http://www.ryqyrmedia.com/ (son's)
>



-- 
Chris Jones
RHCSA
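
An added example, not part of the original thread: one way to keep the shared chroot while starting each group in its own folder is the `-d start_directory` option of `internal-sftp` (available in OpenSSH 6.2 and later). The group names `reviewers` and `subdir1`/`subdir2` and the paths below are assumptions based on the layout described in the message.

```conf
# /etc/ssh/sshd_config fragment (added example; group names and paths are assumptions)
Subsystem sftp internal-sftp

# Users who must see every contractor's work belong to several groups.
# For each keyword sshd keeps the first value it obtains, so this block
# has to come before the per-contractor blocks below.
Match Group reviewers
    ChrootDirectory /dir
    ForceCommand internal-sftp -d /
    AllowTcpForwarding no
    X11Forwarding no

# One block per contractor group: same chroot, different starting directory.
# The -d path is resolved inside the chroot, so /subdir1 is /dir/subdir1 on disk.
Match Group subdir1
    ChrootDirectory /dir
    ForceCommand internal-sftp -d /subdir1
    AllowTcpForwarding no
    X11Forwarding no

Match Group subdir2
    ChrootDirectory /dir
    ForceCommand internal-sftp -d /subdir2
    AllowTcpForwarding no
    X11Forwarding no

# Filesystem layout assumed by the blocks above:
#   /dir           root:root     0755  chroot target: root-owned, not writable
#                                      by group or others, or sshd refuses the login
#   /dir/subdir1   root:subdir1  2770  rwx for the group only; setgid keeps new
#                                      files owned by the group
#   /dir/subdir2   root:subdir2  2770
# A reviewer account is simply a member of reviewers plus every subdirN group.
```

Check the file with `sshd -t` before reloading the daemon. Access control still comes from the directory group permissions; `-d` only changes where the session starts.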