PCMech Forums - View Single Post

LeftyAce · 05-21-2009, 12:52 AM

Just to clarify, you are trying to set the server up for sftp, right? You just want a secure way for users to upload files, they don't need access to the functionality of the machine via ssh? (ssh is often used to give remote control of a computer). If you just want sftp, then restricting users as you describe is pretty straight-forward. If you want them to be able to _use_ the machine, the restrictions you describe may not be feasible.

Here's a link to instructions for setting up sftp: http://www.howtoforge.com/chrooted-s...l-debian-lenny
To restrict users to only be able to view their own home folder, you want to set up what is called a chroot jail. Essentially, when the user logs on, it tells them that the folder they are in is the root folder (/). Since their session believes there is nothing above it, they can't get out and wander around.

Setting things up so that users can write but not delete is tricky (and may not be possible). As far as I can tell, if a user can write a file, they can delete it. There may be a way around this, but more googling is in order (or a more knowledgeable passer-by).

EDIT: If all else fails, a kludgy solution would be some kind of script that runs whenever a user logs out, and sets the permissions on all their files to read-only.

05-21-2009, 12:52 AM	#14
LeftyAce Member (11 bit) Join Date: Feb 2005 Location: tfp Posts: 1,923	Just to clarify, you are trying to set the server up for sftp, right? You just want a secure way for users to upload files, they don't need access to the functionality of the machine via ssh? (ssh is often used to give remote control of a computer). If you just want sftp, then restricting users as you describe is pretty straight-forward. If you want them to be able to _use_ the machine, the restrictions you describe may not be feasible. Here's a link to instructions for setting up sftp: http://www.howtoforge.com/chrooted-s...l-debian-lenny To restrict users to only be able to view their own home folder, you want to set up what is called a chroot jail. Essentially, when the user logs on, it tells them that the folder they are in is the root folder (/). Since their session believes there is nothing above it, they can't get out and wander around. Setting things up so that users can write but not delete is tricky (and may not be possible). As far as I can tell, if a user can write a file, they can delete it. There may be a way around this, but more googling is in order (or a more knowledgeable passer-by). EDIT: If all else fails, a kludgy solution would be some kind of script that runs whenever a user logs out, and sets the permissions on all their files to read-only. __________________ System: ASUS A8N32-SLI Deluxe AMD Opteron Denmark 165 Sapphire Radeon 4850x2 2X1GB G.Skill DDR400 Ram Corsair 850W PSU Thermaltake Soprano case Seagate 7200.10 320GB