Michael Leone on 6 Aug 2015 11:47:51 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Setting SFTP restrictions to download only, but only for certain users


I have a question. I have a RH server that we use for SFTP transfers (meaning: clients put files there for us to take out). Now, I need to set up some users for the exact opposite - we will put files in their directories for them to download, but we do *not* want them to be able to put files into these directories.

And I am confused on how best to go about that. We are running OpenSSH 4.3p2 on the box. This is not chrooted.

I *think* what I need to do is set their home directory permissions to allow read only to their ID and group.

What I can't do is screw up the existing users sending us files. :-) this setup has been working fine for like 5 years.  Or not screw it up for the existing users, I should say - can't change anything that is currently working.

So: I will be creating new users, who will be SFTP into us, each into their own directory, and they can only download, not upload. I see (I think) that I can use a "match groupname" and have SSH chroot only the users in that group, and while that is useful, it doesn't solve my problem (I don't think).


Thoughts? Pointers?


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug