sftp lock down users

vkviswanadh

Technical User
Sep 11, 2008
3
US
Hi friends, when any user is using sftp, the system has to lock them to their own home directory so that they are not able to see other users' directories. I am trying this on Solaris 9.

Can anybody help me out with how to do this?

Thanks!
Viswanadh
 
You can accomplish that with file/directory permissions and/or groups

[Blue]Blue[/Blue] [Dragon]

If I wasn't Blue, I would just be a Dragon...
 
Hi, thanks a lot for your reply.
I have been searching on the net; there are a couple of open tools available, like "scponly", "rssh" etc. Do you think these are required for my work?

for scponly :


and for rssh :


Please suggest whether I need to go for these, or whether the solution which you provided ("You can accomplish that with file/directory permissions and/or groups") is enough.

Thanks a lot
viswanadh
 
I have used scponly with some success. I used it for company-to-company transfer, and the best way to segregate the accounts and the best security was to chroot, not depend on file/directory permissions.

It was easy to set up and, for my case, to modify the code to suit my purpose.
 
Hello friends, please let me know how to do that using file/directory permissions and/or groups.
 
What version of ssh are you running?

If it's OpenSSH greater than 4.9p1, then it is really simple to put specific users in a chroot jail.

Changes to your sshd config-
Change the sftp subsystem to be this:
Code:
Subsystem     sftp   internal-sftp
Put something like this at the end:
Code:
Match Group sftp
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no

You also need to put the users affected in the sftp group and change folder owner to root.

http://blogs.techrepublic.com.com/opensource/?p=229
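
The answer above says the chroot folder must be owned by root; sshd checks this for every component of the ChrootDirectory path and also rejects components that are writable by group or others. The following is an added example, not part of the original thread, that checks a path before the Match block is enabled; the function names and the optional uid argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a ChrootDirectory target.
# sshd refuses the chroot unless every path component is a directory
# owned by root and not writable by group or others.

# check_component DIR [UID]: test a single path component.
# UID defaults to 0 (root); the override (an assumption of this example)
# only exists so the check can be dry-run on scratch directories.
check_component() {
    dir=$1
    want_uid=${2:-0}
    # "ls -ldn" prints the mode string and numeric owner: drwxr-xr-x 2 0 0 ...
    info=$(ls -ldn -- "$dir" 2>/dev/null | awk '{print $1, $3}')
    mode=${info% *}
    uid=${info#* }
    case $mode in
        d*) ;;
        *)  echo "FAIL $dir: missing or not a directory" >&2; return 1 ;;
    esac
    case $mode in
        # character 6 is group write, character 9 is other write
        ?????w*|????????w*)
            echo "FAIL $dir: writable by group or others ($mode)" >&2
            return 1 ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid" >&2
        return 1
    fi
    echo "ok   $dir ($mode uid=$uid)"
}

# check_chroot_path /abs/path: walk from the target up to "/" and
# report every component sshd would reject.
check_chroot_path() {
    p=$1
    rc=0
    case $p in
        /*) ;;
        *)  echo "FAIL $p: need an absolute path" >&2; return 2 ;;
    esac
    while :; do
        check_component "$p" || rc=1
        if [ "$p" = "/" ]; then break; fi
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh check_chroot.sh /home/someuser
if [ "$#" -gt 0 ]; then check_chroot_path "$1"; fi
```

Because the home directory itself must be root-owned and not writable by the user, uploads need a subdirectory inside it that the user owns.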
 