complex acl (in my opinion anyway...) question
dear list. I want to provide my users with sftp (via ssh2) remote access to their files, without allowing them to browse through the filesystem on that server. I already know how to disable shell access. (set shell to /usr/lib/shh/sftp-server for normal users works perfectly) Is there a way, using posix acl I guess, to DENY access to all directories, except a few? So, maybe create a group (mortal_users..?) and put a deny acl to all directories, except /home. Would this work? Would this be a good approach? And what would the setfacl command be do DENY access for a certain group? (all examples only talk about granting certain permissions for certain groups) Thanks very much for any clues and help. Mourik Jan --- email: echo ude.unu.hcetni@knipueh | rev
Is there a way, using posix acl I guess, to DENY access to all directories, except a few?
So, maybe create a group (mortal_users..?) and put a deny acl to all directories, except /home.
Do you even need to be fancy if all the directories are configured to be invisible/inaccessible outside the group and owner? Surely it is then enough to make the outside users belong to a different group?
---
email: echo ude.unu.hcetni@knipueh | rev
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
-- Andrew Brown What I do: www.darwinwars.com What I'm up to: www.thewormbook.com/helmintholog/
participants (2)
-
Andrew Brown
-
Heupink, Mourik Jan C.