Re: how to control sftp's user file folder

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, Mar 01, 2011 at 07:53:21AM -0500, Nico Kadel-Garcia wrote:
> On Mon, Feb 28, 2011 at 10:53 AM, Eero Volotinen <eero.volotinen@xxxxxx> wrote:
> > 2011/2/28 Yang Yang <dapiyang@xxxxxxxxx>:
> >> hi,i have a question want to ask
> >>
> >> if i add a user like:
> >>
> >> useradd test
> >> groupadd test -g www
> >>
> >> and how to control user test only can see and write only folder(like
> >> /home/htdocs/test,he can not see /home/htdocs or other folder)
> >
> > for example using chrooted scponly or tweaking filesystem acls and
> > selinux settings.
> >
> > scponly chrooted is the easiest way.
> 
> No, sftp is actually supported, somewhat, in OpenSSH 5 for this to
> work well, which is not in CentOS 5, and integrating it to CentOS 5 is
> problematic. It's also awkward to maintain, the chroot cages require
> the relevant binaries nad libraries in each user's chroot cage. (I
> used to publish the software changes for this, years back under SunOS
> and RedHat 5.2, not RHEL 5.2).
> 
> Frankly, don't. Use ftps, which Dovecot supports directly, or WebDav
> over HTTPS, which Apache supports directly with mod_dav.

I think you mean vsftpd?  Problem with FTPS is that it *can* be
problematic with firewalls (not necessarily your own which you can set
up correctly, but on the client side).

ProFTPD may be a good option as well.  It should have a mod_sftp module
which theoretically could be used in tandem with ProFTPD's native
chroot'ing stuff.  Never tried it though.

Ray
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux