Michael Leone on 6 Aug 2015 12:28:58 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Setting SFTP restrictions to download only, but only for certain users

On Thu, Aug 6, 2015 at 3:24 PM, Michael Lazin <microlaser@gmail.com> wrote:
> The .ftpaccess is recursive, so if you put it on a directory that's served
> up on the web it will effect directories beneath it.

Hmm! So if I made a folder structure like - /Project/<userA>,
/Project/<userB> - and put this .ftpaccess file in /Project, then it
applies to ~/<userA>, etc. Useful!

> I tested this by
> putting it in a user's public_html directory on a debian server and
> attempting to transfer a file as that user via scp.  I got permission
> denied.  I have used ftp access files many times to limit ftp users rights
> but was unsure if it worked with scp too.  Apparently it does.  It does not
> prevent the user from connecting via ssh and deleting it however, unless it
> belonged to root or another user or group they don't have rights to.

Hrm. There's an issue - apparently we'd prefer them NOT to be able to
delete the files, either. We put the file; they read (i.e., download)
it; we come back and delete it.
Lather, rinse, repeat.

I may need to set the perms on each file I put out there to be
read-only for that user, and read-write for the group I am logged in
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug