Caveat. I don't have the patience to work with ACLs, mostly because I
can't see how they could really work without bringing a system to its
knees.
To be honest - ACLs were by far my first choice for solving my problem.
There is no doubt there have been misinterpretations; I'm sorry for that.
So let me drop back to square one, and explain what I want - at the highest level. SIMPLY, this:
I have 2 classes of users - SFTP users (customers), and SFTP managers (company users that manage customer data).
I want a highly secure and privacy-safe SFTP server. But I also want it to appear to users as simple and easy as possible. All users will access SFTP only via an SFTP client.
So my wants are:
- SFTP access only (but not to exclude SSH access for Linux users).
- SFTP users chroot'ed to their home dir, without any added levels of directories [beneath home].
- So users should have "w" access to their home.
- SFTP managers should have "w" access to all SFTP users' home dirs.
What would be the best way to accomplish this?
I don't care how complex the setup/config is - as long as it's as easy and idiot-proof for my users as possible.