I have a question. I have a RH server that we use for SFTP transfers (meaning: clients put files there for us to take out). Now, I need to set up some users for the exact opposite - we will put files in their directories for them to download, but we do *not* want them to be able to put files into these directories.
And I am confused on how best to go about that. We are running OpenSSH 4.3p2 on the box. This is not chrooted.
I *think* what I need to do is set their home directory permissions to allow read only to their ID and group.
What I can't do is screw up the existing users sending us files. :-) this setup has been working fine for like 5 years. Or not screw it up for the existing users, I should say - can't change anything that is currently working.
So: I will be creating new users, who will be SFTP into us, each into their own directory, and they can only download, not upload. I see (I think) that I can use a "match groupname" and have SSH chroot only the users in that group, and while that is useful, it doesn't solve my problem (I don't think).
Thoughts? Pointers?