Mailinglist Archive: opensuse-security (196 mails)
limiting sftp users to specific dir
- From: Hugo <hg.list@xxxxxxxxx>
- Date: Thu, 21 Oct 2004 18:09:23 +0300
- Message-id: <6f133dde04102108092c08ad22@xxxxxxxxxxxxxx>
Hello!
I finally changed my servers from Windows to Linux (SuSE 9.1). In
Windows I used to have F-Secure SSH-server (student licence) and I had
set it up so that I could access via SFTP all the system (I also had
SSH access), but others only their own directory. And what's more, the
SFTP directories were defined as d:\sftp\%username%. Very clean system
with no problems for the users.
Bear with me as I probably do not know how to ask this in a simple way
and I do not know the right terms... I'll try to explain what I would
like to do (almost the same as in Windows):
With SuSE I had SSH server up and running very fast. So now I have
different types of users:
1) Me: local user, remote with SSH and X + SCP/SFTP (unlimited)
2) Family: local users, remote with SFTP limited to user's home dir (or
some empty dir under it)
3) Remote family: only remote SFTP limited to some empty dir somewhere
(not necessarily under home dir)
The current situation with SuSE defaults is that if I create a user
and use WinSCP to access the server with that user, they can see just
about every file there including other users' home dirs. Not good. (I
thought by default Linux was more secure...)
Also, just the complexity of all the stuff that is in the user's home
dir would confuse many users. They just need to see one empty dir
where to transfer files from and to. For those that log in locally,
this dir should be under the home dir, like Documents. And the 3rd
type of users should only have access to one dir that is completely
empty except for their own files.
First question: Can this be done? (Please don't tell me I have to go
back to Windows server...)
Second: how?
Sorry for not being more exact in defining the problem. Hopefully you
got the idea. I'm not new to computers and I'm quite happy to edit
config files... except that this time I didn't find what to edit
(sshd_conf doesn't seem to have options for limiting users like this).
--
HG