locking an SFTP user into only one directory.

Ben Trussell azlobo73 at gmail.com
Thu May 1 10:40:06 MST 2014


This might be helpful.  Basically you create a mini environment for the
user, then on login the user is restricted to only that environment in
terms of scope (they don't 'see' the rest of the server's filesystems).

http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/


On Wed, Apr 30, 2014 at 4:19 PM, Amit Nepal <amit at amitnepal.com> wrote:

> A while back, I had done this to restrict to a particular directory,
> but it may not be ideal for you as you already have some parent
> directories, but you can give it a try:
>
> http://www.amitnepal.com/chrooting-users-with-sftp/
>
> Or, you may be able to mount that directory somewhere else and give
> access like this:
> http://www.amitnepal.com/ftp-access-to-files-outside-base-directory/
>
> Just look at this part:
>
> mkdir /home/username/extraaccess
>
> mount --bind /folder/to/grant/access/ /home/username/extraaccess
>
> Thanks
>
>
>
> *Amit K Nepal Chief Information Officer (RHCE, CCENT, C|EH, C|HFI, GIAC
> ISO 27000 Specialist) omNovia Technologies Inc. *
> On 4/30/2014 3:54 PM, keith smith wrote:
>
>
>  Hi, I'm using CentOS 6.5 and we use the user's home dir + "public_html" as
> the docroot for our websites like this:
>
>  /home/user_name/public_html
>
>  We are using SSH for SFTP.  Each host has only one SFTP user.
>
>  What I need to do is add a directory, let's call it uploads, like this:
>
>  /home/user_name/public_html/uploads
>
>  Any content in uploads must be accessible to Apache so it can be
> displayed.
>
>  And I would like to add a user that can only access
> /home/user_name/public_html/uploads and would be able to add/edit/remove
> any files in just the uploads directory.
>
>  I thought of a link, however that did not work.  I created a user
> uploads which created a home dir /home/uploads and I tried to link that to
> /home/user_name/public_html/ which created
> /home/user_name/public_html/uploads.  This did not work.
>
>  I hope this makes sense.
>
>  Any suggestions?
>
>  Thanks in advance!!
>
>  Keith
>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss



-- 
---
Ben

python -c "exec(\"import math\\nprint ''.join(map(lambda x: chr(x), (
(ord('a')-(3*5)), int(math.sqrt(math.pi*76)*5+2),
int(math.ceil(math.e)*28), int(math.floor(math.e)*35),
long(abs(4%3*35+3)*2))))\")"
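
Added example, not part of the original thread: the two suggestions above (an SFTP chroot plus `mount --bind`) combine into one setup, and this script checks the requirement that most often breaks it, namely that sshd refuses a `ChrootDirectory` unless every path component is root-owned and not group- or world-writable. The user name `uploads`, the jail `/home/uploads`, and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: SFTP user "uploads",
# jail /home/uploads; /home/user_name/public_html/uploads is from the question.
# Uses GNU stat (as on CentOS).

# sshd rejects a ChrootDirectory unless each path component is owned by root
# and not writable by group or others. Check a single directory.
# $2 = required owner uid: 0 in real use, overridable so the check can be
# exercised without root.
chroot_dir_ok() {
    dir=$1; want_uid=${2:-0}
    [ -d "$dir" ] || return 1
    [ "$(stat -c %u "$dir")" = "$want_uid" ] || return 1
    mode=$(stat -c %a "$dir")
    [ $(( 0$mode & 022 )) -eq 0 ]    # group-write or other-write set => fail
}

# Walk from the jail up to /, reporting the first component sshd would refuse.
chroot_path_ok() {
    p=$1; want_uid=${2:-0}
    case $p in /*) ;; *) echo "need an absolute path" >&2; return 1 ;; esac
    while :; do
        chroot_dir_ok "$p" "$want_uid" || { echo "unsafe: $p" >&2; return 1; }
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# Print the sshd_config stanza that confines one user to SFTP inside the jail.
sshd_match_block() {
    cat <<EOF
Match User $1
    ChrootDirectory $2
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Typical root session (the writable directory is bind-mounted *inside* the
# root-owned jail, because the jail itself must not be writable by the user):
#   mkdir -p /home/uploads/uploads
#   mount --bind /home/user_name/public_html/uploads /home/uploads/uploads
#   sh this_script.sh uploads /home/uploads >> /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then
    chroot_path_ok "$2" && sshd_match_block "$1" "$2"
fi
```

The `Match` stanza has to stay at the end of `sshd_config`, and sshd must be reloaded before it takes effect.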