How do I restrict each user to a certain (and different) directory on SFTP
-
- Posts: 2
- Joined: 2020/06/29 20:09:54
How do I restrict each user to a certain (and different) directory on SFTP
Hello, I am running CentOS 8.2 and I have three services running on this VM: Steam, Minecraft, and a website. They are all within their own user accounts. What I want to do is I still want to be able to use on all these accounts, but I don't want them to be within the home directory. What I am looking at doing is getting SFTP to only allow access to the folders in each directory, all of which are named differently, but within /home. Is there any way I can do that?
Re: How do I restrict each user to a certain (and different) directory on SFTP
Can you give an example?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 2
- Joined: 2020/06/29 20:09:54
Re: How do I restrict each user to a certain (and different) directory on SFTP
Sure. Let's use my website and Half-Life server for example since one has a different situation.
The website is under a user named web. It is in the wheel group and I sign in whenever I need to mess with the website. I set a redirect for /var/www/html to /home/web/(redacted).
I'll redact the folder name where the website is stored as it has the website name.
On the other hand, my Half-Life server is under a user named steam, in the steam home folder there is another folder named steam, and lastly, hlserver. Half-Life's executable runs out of there.
So what I want to do is this.
For steam, I want SFTP to only be able to access /home/steam/steam/hlserver.
For web, I want SFTP to only be able to access /home/(redacted)
Re: How do I restrict each user to a certain (and different) directory on SFTP
I think you should look for "SFTP chroot".
- KernelOops
- Posts: 428
- Joined: 2013/12/18 15:04:03
- Location: xfs file system
Re: How do I restrict each user to a certain (and different) directory on SFTP
It's fairly easy to do, by restricting home directory access. I do that regularly for my websites.
For example, if I have three websites like:
/home/web1
/home/web2
/home/web3
then I make sure their group/world permissions are restricted, like:
chmod go-wrx /home/web1
chmod go-wrx /home/web2
chmod go-wrx /home/web3
Thus, the SFTP user web1 can't change to /home and then move to another home directory like web2 or web3.
Further into this, PHP is set up accordingly with open_basedir restrictions, and each Apache domain is also restricted the same way.
--
R.I.P. CentOS
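A pre-flight check for the "SFTP chroot" approach suggested earlier in the thread, as an added example that is not part of any post here: sshd's ChrootDirectory only works when every component of the path is a root-owned directory that group and others cannot write to, which a user-owned home directory does not satisfy as-is. The sshd_config fragment in the comments and its /srv/sftp/steam path are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Checks a directory you plan to use as
# sshd_config ChrootDirectory: sshd refuses the session unless every path
# component is a root-owned directory not writable by group or others.
# Assumes GNU stat (as on CentOS). Hypothetical sshd_config fragment:
#   Match User steam
#       ChrootDirectory /srv/sftp/steam
#       ForceCommand internal-sftp

# check_component DIR [UID]: test one directory; UID defaults to 0 (root).
check_component() {
    local dir want uid mode rc
    dir=$1; want=${2:-0}; rc=0
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory"
        return 1
    fi
    uid=$(stat -L -c %u "$dir")
    mode=$(stat -L -c %a "$dir")
    if [ "$uid" != "$want" ]; then
        echo "$dir: owned by uid $uid, expected $want"
        rc=1
    fi
    # Octal 022 = group-write | other-write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$dir: mode $mode is writable by group or others"
        rc=1
    fi
    return $rc
}

# check_chroot_path PATH [UID]: walk PATH up to /; 0 = ok, 1 = fail, 2 = bad input.
check_chroot_path() {
    local p want rc
    p=$1; want=${2:-0}; rc=0
    case $p in
        /*) ;;
        *) echo "$p: must be an absolute path"; return 2 ;;
    esac
    while :; do
        check_component "$p" "$want" || rc=1
        if [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    return $rc
}

# Run against any paths given on the command line.
for arg in "$@"; do check_chroot_path "$arg"; done
```

Run it as `sh check.sh /srv/sftp/steam` before restarting sshd; each line printed names a path component that needs `chown root` or `chmod go-w`.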