Match User user01
    ChrootDirectory /home
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no
Match User user02
    ChrootDirectory /home
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no
useradd -m user01 && useradd -m user02
chmod 300 /home/user02
restart sshd daemon
[root@nod01 ~]# sftp user02@localhost
user02@localhost's password:
Connected to localhost.
sftp> cd user02
sftp> ls
remote readdir("/user02"): Permission denied
sftp> mkdir hello
In a few words, the user user02 can only write, and the user user01 can write
and read.
2014/1/4 Chris Davies <[email protected]>
> Bob Goldberg <[email protected]> wrote:
> > trying to determine best solution for an SFTP server.
>
> > vsftpd appears to be my current best choice
>
> vsftpd is "Very Secure FTP Daemon". It does FTP well (cleartext passwords
> notwithstanding). It doesn't do SFTP (file transfer over ssh).
>
>
> > users must be chroot'ed to /home/chroot/home/<username>.
> > users belong to the chroot group.
> > their home dir down, need all be group owned by chmgr.
> > home dir down; should all be chmod 770(dir)/660(files). so <user> and
> > managers (chmgr group) all have rw access to files, and rwx /dirs; with
> > other having no rights at all.
>
> > managers ideally chroot'ed to /home/chroot/home.
> > they can access all <username> folders, and transfer files in/out of
> > each.
> > they belong to the chmgr group.
>
> Sounds exactly like a job for the Match directive within a standard
> sshd_config (openssh-server).
>
> Chris
--
this is my life and I live it for as long as God wills
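
Added example, not part of the original messages: sshd only accepts a ChrootDirectory when every component of the path is a root-owned directory that is not writable by group or other, so a chroot target that is itself group-owned and mode 770 is refused at login. The script below checks a path against that rule; it assumes GNU stat (as on Debian), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check a ChrootDirectory path against sshd's ownership rule.
# Assumption: GNU stat ("stat -c"). Function names are hypothetical.

# component_ok OWNER_UID OCTAL_MODE
# Succeeds when one path component is root-owned and has neither the
# group-write (020) nor the other-write (002) bit set.
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path /absolute/dir
# Walks from the given directory up to "/" and reports every component
# that sshd would reject. Returns 0 only if all components pass.
check_chroot_path() {
    path=$1
    case $path in
        /*) ;;
        *) echo "FAIL $path: not an absolute path" >&2; return 2 ;;
    esac
    rc=0
    while :; do
        if [ ! -d "$path" ]; then
            echo "FAIL $path: not a directory" >&2
            rc=1
        else
            meta=$(stat -c '%u %a' "$path")
            uid=${meta% *}
            mode=${meta#* }
            if component_ok "$uid" "$mode"; then
                echo "ok   $path (uid=$uid mode=$mode)"
            else
                echo "FAIL $path (uid=$uid mode=$mode)" >&2
                rc=1
            fi
        fi
        if [ "$path" = / ]; then break; fi
        path=$(dirname "$path")
    done
    return $rc
}

# Optional direct use: sh check_chroot.sh /home
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Directories below the chroot, such as /home/user02 with mode 300 in the message above, are not part of this check; only the chroot path and its parents are.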