
Re: Best SFTP (w/chroot): vsftpd vs mysecureshell vs other ??



Match User user01
    ChrootDirectory /home
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no

Match User user02
    ChrootDirectory /home
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no

useradd -m user01 && useradd -m user02

chmod 300 /home/user02

Restart the sshd daemon.

[root@nod01 ~]# sftp user02@localhost
user02@localhost's password:
Connected to localhost.
sftp> cd user02
sftp> ls
remote readdir("/user02"): Permission denied
sftp> mkdir hello

In a few words, the user user02 can only write, and the user user01 can write and read.


2014/1/4 Chris Davies <chris@roaima.co.uk>
Bob Goldberg <bobg.hahc@gmail.com> wrote:
> trying to determine best solution for an SFTP server.

>   vsftpd appears to be my current best choice

vsftpd is "Very Secure FTP Daemon". It does FTP well (cleartext passwords
notwithstanding). It doesn't do SFTP (file transfer over ssh).


> users must be chroot'ed to /home/chroot/home/<username>.
>   users belong to the chroot group.
>   their home dir down, need all be group owned by chmgr.
>   home dir down; should all be chmod 770(dir)/660(files). so <user> and
> managers (chmgr group) all have rw access to files, and rwx /dirs; with
> other having no rights at all.

> managers ideally chroot'ed to /home/chroot/home.
>   they can access all <username> folders, and transfer files in/out of
> each.
>   they belong to the chmgr group.

Sounds exactly like a job for the Match directive within a standard
sshd_config (openssh-server).

Chris






--
this is my life and I live it for as long as God wills
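
sshd_config(5) requires every component of the ChrootDirectory pathname to be a root-owned directory that is not writable by group or other, so a user-owned home such as /home/user02 cannot itself be the chroot while /home can. The check below is an added example, not part of the original thread; `FakeStat`, `sample_stat`, the `SAMPLE` table and uid 1002 are constructed for illustration.

```python
import os
import stat
from collections import namedtuple

# Constructed stand-in for os.stat_result; sample data only.
FakeStat = namedtuple("FakeStat", "st_mode st_uid")
SAMPLE = {
    "/": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/home": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/home/user02": FakeStat(stat.S_IFDIR | 0o300, 1002),  # after chmod 300
}

def sample_stat(path):
    """Hypothetical stat function backed by the constructed SAMPLE table."""
    if path not in SAMPLE:
        raise FileNotFoundError(2, "No such file or directory", path)
    return SAMPLE[path]

def chroot_path_problems(path, stat_fn=os.stat):
    """List reasons `path` breaks the ChrootDirectory rule of sshd_config(5)."""
    if not os.path.isabs(path):
        return [f"{path}: must be an absolute path"]
    problems = []
    component = "/"
    for name in [""] + [p for p in path.split("/") if p]:
        component = os.path.join(component, name)
        try:
            st = stat_fn(component)
        except OSError as exc:
            problems.append(f"{component}: cannot stat ({exc.strerror})")
            break  # nothing below a missing component can be checked
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{component}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{component}: owned by uid {st.st_uid}, not root")
        if st.st_mode & 0o022:
            problems.append(f"{component}: writable by group or other")
    return problems

if __name__ == "__main__":
    for candidate in ("/home", "/home/user02"):
        found = chroot_path_problems(candidate, sample_stat)
        print(candidate, "->", found or "acceptable as ChrootDirectory")
```

On a real host, call `chroot_path_problems("/home")` with the default `os.stat` before reloading sshd.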
