Michael Leone on 7 Aug 2015 06:44:07 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Setting SFTP restrictions to download only, but only for certain users

On Fri, Aug 7, 2015 at 9:13 AM, Michael Leone <turgon@mike-leone.com> wrote:

Replying to my own self ...

> How do I get my group "SupremeAdmin" to have RW rights into
> "/Project/<user>"? When I create "/Project/<user>", won't the group
> attached to that directory be the group the user is in?

chown, of course ...

> Will that do it?

Oddly, yes. :-) Was a lot easier than I thought ...

>They won't need R access to :/Project", to be able to access
> something under "/Project"?


> As for the rest, I can write a file for the user into their home
> directory, and they can SFTP in and download it. But they *won't* be
> able to delete said file, nor create new files (as they don't have W
> access in that directory).
> What am I missing, so far?

Not a lot, that seemed to do it.

NOW, for a bit of extra ... I will add my test user to it's own
"UpgradeProject" group. I will then see if I can do a SSH chroot jail
for *just* the members of that group, so they can't go snooping
wherever they want ..
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug