[PLUG] chrooting SFTP?

[Michael Leone <turgon@mike-leone.com>]

I'll admit to being slow today (as if today was different from any
other day ...). Anyways, we run a SSH server here, so that vendors can
send us invoices via SFTP. (at least it's encrypted, and better than
FTP)

So right now they SFTP us data.

So what would I need to do to secure this a bit more? So they they
couldn't move up the tree and over to other folders, for example?
Should I chroot it, or would that be very difficult to implement after
the fact, as it were?

And as an aside, is there a way to set the security on their home
directories so that they can't delete files, only add them. What we do
is run a script (as a user who is a member of the same group as the
user home directory) and clear the directory every night, after
copying out the file. I would want that account to be able to delete
the files in there, but not the actual user account.

I know how I would do that in Windows, but not in Linux.

This would be RHEL 5.7, BTW.

Thanks

-- 

BREAKFAST.SYS halted. Cereal port not responding.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug