Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: MSmith on April 05, 2005, 04:33:05 AM
-
Scenario: SME 6.01-01 with usershellaccess and rssh contribs ... working fine as an SFTP server. LAN users want to be able to use ibays for various SFTP users rather than each SFTP user's home folder (easy to drag & drop files to & from).
Problem: how to make sure the SFTP users can't go roaming all over the server, accidentally or otherwise. It's simple enough to set up a symlink of, say, /FOO to /home/e-smith/files/ibays/FOO/files, but setting /FOO as the initial folder in WinSCP or FileZilla allows changing directories upward. Is there a reasonably simple way to restrict SFTP/SCP users to certain folders, or to prevent the symlink from being resolved to the full pathname by the client software?
It wouldn't be important to restrict certain users to certain ibays, it'd just be enough to keep them from changing directories from what is specified to them.
Thanks for any help or insight.
-
restricting a user within an application eg proftp is much easier then restricting them within a filesystem
i read it can be done, but isn't trivial, and each user has to be setup seperately.
stephen
-
dungog.net ftp user root contrib is the one that does the "per user" limiting to some directory (or ibay)
it did work for me in 6.0.1 and now on 6.5 as well.
-
yes, but that is only unsecure ftp
msmith wants to use sftp which uses ssh
different port, different programs
maybe ftp over ssl is what we want
http://www.unlimitedftp.ca/resources/ftp/sslclient.html
http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html
stephen
-
has anyone tried jailkit? http://dag.wieers.com/packages/jailkit/