Michael Leone on 7 Aug 2015 06:14:00 -0700
Re: [PLUG] Setting SFTP restrictions to download only, but only for certain users
OK, so I will admit that these days, I'm pretty much a Windows and VMware admin, don't do a lot of Linux. I know how I would do it in the other OS, so I would appreciate somebody verifying this, before I turn it loose on my one and only SFTP server ... the concepts should be pretty much the same.

I need the users to have a home directory where they have only read-only access, but I - as "SupremeAdmin" user - have read-write access, so I can leave files for the users to download via SFTP.

Here's what I am thinking:

I will eventually be using my account, "SupremeAdmin" (no, that's not its real name :-)).

I create a structure called "/Project". I verify that group rights are RW (the group being my "SupremeAdmin" group). So now this directory structure is RW for me, alone.

I create new users, specifying their home directory as "/Project/<user>". I do *not* add the user to my "SupremeAdmin" group. I then remove their write access to their home directory (chmod u-w).

How do I get my group "SupremeAdmin" to have RW rights into "/Project/<user>"? When I create "/Project/<user>", won't the group attached to that directory be the group the user is in? Will that do it?

When the users connect via SFTP, they will go right to their home directory "/Project/<user>". They will be able to get there? They won't need R access to "/Project", to be able to access something under "/Project"?

As for the rest, I can write a file for the user into their home directory, and they can SFTP in and download it. But they *won't* be able to delete said file, nor create new files (as they don't have W access in that directory).

What am I missing, so far?

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
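
The permission questions in the message above can be checked against the standard Unix rule: owner bits apply to the owner, else group bits to group members, else other bits, and every parent directory needs search (x) permission. The following is an added example, not part of the original post; the numeric ids, the user name alice, the assumption that each user has a private group, the 0555 home mode and the admin-owned alternative layout are all constructed for illustration.

```python
from collections import namedtuple

Node = namedtuple("Node", "uid gid mode")                    # one directory entry
ADMIN, ADMIN_GRP, ALICE, ALICE_GRP = 1000, 1000, 2001, 2001  # constructed ids

def class_bits(node, uid, gids):
    """rwx triplet the kernel applies: owner bits, else group bits, else other."""
    if uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in gids:
        return (node.mode >> 3) & 7
    return node.mode & 7

def can(tree, path, uid, gids, want):
    """True if uid has all of `want` (subset of 'rwx') on path.
    Every parent directory needs x (search); '/' is assumed traversable."""
    parts = path.strip("/").split("/")
    for i in range(1, len(parts)):
        parent = "/" + "/".join(parts[:i])
        if not (class_bits(tree[parent], uid, gids) & 1):
            return False
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return (class_bits(tree[path], uid, gids) & need) == need

def layout(parent_mode, home_owner, home_mode):
    """/Project owned by the admin; home group is the user's private group."""
    return {"/Project": Node(ADMIN, ADMIN_GRP, parent_mode),
            "/Project/alice": Node(home_owner, ALICE_GRP, home_mode)}

def report(tree, home="/Project/alice"):
    user, admin = (ALICE, {ALICE_GRP}), (ADMIN, {ADMIN_GRP})
    return {
        "user_reaches_home": can(tree, home, *user, "rx"),
        # creating or deleting an entry needs w and x on the directory itself
        "user_can_create_or_delete": can(tree, home, *user, "wx"),
        # a file's owner may chmod it, so u-w is reversible by that owner
        "user_can_restore_write": tree[home].uid == ALICE and can(tree, home, *user, ""),
        "admin_can_drop_files": can(tree, home, *admin, "wx"),
    }

if __name__ == "__main__":
    cases = {
        "post, /Project 0770": layout(0o770, ALICE, 0o555),
        "post, /Project 0771": layout(0o771, ALICE, 0o555),
        "admin-owned home 0750": layout(0o771, ADMIN, 0o750),
    }
    for name, tree in cases.items():
        print(name, report(tree))
```

The model covers mode bits only; ACLs, setgid inheritance on new files and any sshd-level restrictions are outside it.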