Michael Leone on 6 Aug 2015 11:47:51 -0700


[PLUG] Setting SFTP restrictions to download only, but only for certain users

I have a question. I have a RH server that we use for SFTP transfers (meaning: clients put files there for us to take out). Now, I need to set up some users for the exact opposite - we will put files in their directories for them to download, but we do *not* want them to be able to put files into these directories.

And I am confused on how best to go about that. We are running OpenSSH 4.3p2 on the box. This is not chrooted.

I *think* what I need to do is set their home directory permissions to allow read only to their ID and group.

What I can't do is screw up the existing users sending us files. :-) This setup has been working fine for like 5 years. Or not screw it up for the existing users, I should say - can't change anything that is currently working.

So: I will be creating new users, who will SFTP into us, each into their own directory, and they can only download, not upload. I see (I think) that I can use a "match groupname" and have SSH chroot only the users in that group, and while that is useful, it doesn't solve my problem (I don't think).

Thoughts? Pointers?

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
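
A check for the read-only-permissions idea raised in the post, as an added example that is not part of the original message: it flags anything under a download directory that the account owns (an owner can chmod it writable again, and SFTP exposes chmod) or that is group- or world-writable. The function name `audit_dropdir`, the numeric-uid argument and the root-owned, mode 750 layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a download-only SFTP drop directory.
# audit_dropdir DIR UID   (UID = numeric id of the download-only account)
# Returns 0 when nothing under DIR is owned by that account or is
# group/world-writable, 1 when something is, 2 on a bad argument.
# Intended layout (assumption): DIR owned by root, group = the account's
# group, mode 750; files inside mode 640.
audit_dropdir() {
    dir=$1
    uid=$2
    rc=0
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # An owner can always chmod its own file or directory back to writable,
    # and SFTP exposes chmod, so the account must own nothing here.
    owned=$(find "$dir" ! -type l -user "$uid" -print)
    if [ -n "$owned" ]; then
        echo "owned by uid $uid (can be made writable again):"
        echo "$owned"
        rc=1
    fi
    # Conservative: any group or world write bit is flagged, whether or not
    # the account is in the owning group. Symlinks are skipped (always 777).
    loose=$(find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$loose" ]; then
        echo "group- or world-writable:"
        echo "$loose"
        rc=1
    fi
    return "$rc"
}
```

Because it only reads ownership and mode bits, the check can be run against the new users' directories without touching the existing upload accounts.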