Michael Leone on 10 May 2012 09:25:34 -0700



Re: [PLUG] chrooting SFTP?


On Thu, May 10, 2012 at 12:21 PM, Jon Mosco <jonny.mosco@gmail.com> wrote:
> Assuming that from the windows world that you were able to do this in, you
> used ACLs?

Yes, I would have the various users/groups each listed with different
ACL rights. Easiest is RO or RW, but I can limit things like directory
traversal, although I don't think that helps me in this case.
>
>
> On Thu, May 10, 2012 at 12:21 PM, Jon Mosco <jonny.mosco@gmail.com> wrote:
>>
>> You could use the ACLs then.  Check out setfacl, and getfacl, I think it
>> will do exactly what you're looking for.
>>
>> On Thu, May 10, 2012 at 12:18 PM, Michael Leone <turgon@mike-leone.com>
>> wrote:
>>>
>>> Hmmm ... my Open-SSH version is less than the 5.0 mentioned in these
>>> articles. And I don't want to/can't upgrade the SSH past what is
>>> available for this version of SSH ...
>>>
>>> I've got "openssh-4.3p2-72.el5_7.5" and I don't know if it will do
>>> everything these links say ...
>>>
>>>
>>> On Thu, May 10, 2012 at 11:42 AM, jeff <jeffv@op.net> wrote:
>>> > On 05/10/2012 11:25 AM, Michael Leone wrote:
>>> >>
>>> >> So what would I need to do to secure this a bit more? So they
>>> >> couldn't move up the tree and over to other folders, for example?
>>> >> Should I chroot it, or would that be very difficult to implement after
>>> >> the fact, as it were?
>>> >>
>>> >
>>> >
>>> > solderintheveins.co.uk/2011/03/ubuntu-sftp-only-account-how-to
>>> > interesting article on creating sftp-only accts
>>> >
>>> > howtoforge.com/chrooted-ssh-sftp-tutorial-debian-lenny
>>> > helped me
>>> >
>>> > don't know RH so not sure if it crosses over - good luck.
>>> >
>>> >
>>> >
>>> > ___________________________________________________________________________
>>> > Philadelphia Linux Users Group         --
>>> >  http://www.phillylinux.org
>>> > Announcements -
>>> > http://lists.phillylinux.org/mailman/listinfo/plug-announce
>>> > General Discussion  --
>>> > http://lists.phillylinux.org/mailman/listinfo/plug
>>>
>>>
>>>
>>> --
>>>
>>> BREAKFAST.SYS halted. Cereal port not responding.
>>>
>>
>>
>
>



-- 

BREAKFAST.SYS halted. Cereal port not responding.