Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Limiting SFTP Users While Not Limiting Regular Users?
Operating Systems HP-UX Limiting SFTP Users While Not Limiting Regular Users? Post 302300634 by Emancipator on Tuesday 24th of March 2009 04:13:50 PM
Old 03-24-2009
Limiting SFTP Users While Not Limiting Regular Users?
Hi,

I have searched the web and have come back with nothing that is satisfactory for what I require. SFTP is my corporations new file transfer standard. What I require is a method to lock down SFTP users to their directory (they may go to sub directories) while not restricting regular users.

We setup a CHROOTed user in OpenSSH but it requires that the write option be disabled (for world and group) in all the parent directories of where we would like the SFTP user home directory to be. We tried to hard link the user directory to the location but it still requires write be disabled (for world and group) in the parent directories of the directory that is linked. An easy alternative would be to disable the CD command but once again I have not found a method to do so. Any ideas are greatly appreciated!

Thanks ahead of time!
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Limiting access

Hi, I'm new to linux and unix, and i have couple of problems: 1) how can i limit the access for a user, for example, i created a user, and i want that this user will be able to be only in one directory, and will see only the files i want him to. 2) I have a domain name, and i want that every... (4 Replies)
Discussion started by: misha
4 Replies

2. UNIX for Advanced & Expert Users

Limiting telnet sessions on HP UX Box

Anyone know how to limit the telnet sessions on a per user basis on an HP UX Box. I would like to limit the Maximum number of telnet seesions a user can open at any give time to around 4 or 5. I have been looking and looking and do not seem to be able to find anything on this. Any help would be... (2 Replies)
Discussion started by: Witlr
2 Replies

3. Cybersecurity

Problem with limiting logins to one in AIX 5.3

I am migrating from 5.2 to 5.3 AIX. In previous versions of AIX, including 5.2, I've been able to limit user's logins to 1 by using the following script named Block_user: #!/bin/ksh USER=$1 NUM=`who | grep $USER | cut -c1-8 | wc -l` #The above ' is not a single quote but back quote if ]... (2 Replies)
Discussion started by: Confused_lulu
2 Replies

4. HP-UX

limiting failed logins to three

I have tried limiting failed logins to three by the following method logins -ox \ | awk -F: '($8 != "LK" && $1 != "root") { print $1 }' \ | while read logname; do /usr/lbin/modprpw -m umaxlntr=3 "$logname" done /usr/lbin/modprdef -m umaxlntr=3 but it is failing on the 4th... any ideas?... (1 Reply)
Discussion started by: csaunders
1 Replies

5. Shell Programming and Scripting

Limiting output file size

Hi guys, I want to know if there is a way to check the current size of the file that I output "stuff" to. For example, if I run a command that outputs data (like another shell script or C program) and i do something like `./a.out &> tempfile.txt` within the script, I want to be constantly... (2 Replies)
Discussion started by: solaris7
2 Replies

6. Solaris

Limiting Connections from a single IP

I'm looking for a way to limit connections to a Solaris 10 box from any single IP. The problem is that I've had more experience doing this with IPTables on Linux, rather than with IPFilter, which I've found to be somewhat feature-poor. I hope there is some way to do this using IPFilter, I've... (2 Replies)
Discussion started by: spynappels
2 Replies

7. Red Hat

Chroot sftp users, remote sftp login shows wrong timestamp on files

Hello, I have a weird issue, I have RHEL 5.7 running with openssh5.2 where sftpgroup OS group is chroot. I see the difference difference in timestamp on files, when I login via ssh and SFTP, I see four hour difference, is something missing in my configuration. #pwd... (8 Replies)
Discussion started by: bobby320
8 Replies

8. UNIX for Advanced & Expert Users

Limiting access to postqueue

Hi, I have a Debian 6 machine running Postfix 2.7.1. The email server works pretty well. I discovered that any non-root user can access to the mail queue using postqueue command just like root. How can I limit this access? (1 Reply)
Discussion started by: mjdousti
1 Replies

9. Shell Programming and Scripting

Limiting the Script

Greetings. I have script to monitor the disk space of folder it runs every 17 min with help of cron. It sends email when disk size reaches to 85 %. Now the issue is that it continousely generates email until we clear some space in that folder. Is it possible to restrict the Script to send only... (14 Replies)
Discussion started by: manju98458
14 Replies

LEARN ABOUT NETBSD

sftp-server

SFTP-SERVER(8)						    BSD System Manager's Manual 					    SFTP-SERVER(8)

NAME

     sftp-server -- SFTP server subsystem

SYNOPSIS

     sftp-server [-ehR] [-f log_facility] [-l log_level] [-u umask]

DESCRIPTION

     sftp-server is a program that speaks the server side of SFTP protocol to stdout and expects client requests from stdin.  sftp-server is not
     intended to be called directly, but from sshd(8) using the Subsystem option.

     Command-line flags to sftp-server should be specified in the Subsystem declaration.  See sshd_config(5) for more information.

     Valid options are:

     -e      Causes sftp-server to print logging information to stderr instead of syslog for debugging.

     -f log_facility
	     Specifies the facility code that is used when logging messages from sftp-server.  The possible values are: DAEMON, USER, AUTH,
	     LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The default is AUTH.

     -h      Displays sftp-server usage information.

     -l log_level
	     Specifies which messages will be logged by sftp-server.  The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1,
	     DEBUG2, and DEBUG3.  INFO and VERBOSE log transactions that sftp-server performs on behalf of the client.	DEBUG and DEBUG1 are
	     equivalent.  DEBUG2 and DEBUG3 each specify higher levels of debugging output.  The default is ERROR.

     -R      Places this instance of sftp-server into a read-only mode.  Attempts to open files for writing, as well as other operations that
	     change the state of the filesystem, will be denied.

     -u umask
	     Sets an explicit umask(2) to be applied to newly-created files and directories, instead of the user's default mask.

     For logging to work, sftp-server must be able to access /dev/log.	Use of sftp-server in a chroot configuration therefore requires that
     syslogd(8) establish a logging socket inside the chroot directory.

SEE ALSO

     sftp(1), ssh(1), sshd_config(5), sshd(8)

     T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress material.

HISTORY

     sftp-server first appeared in OpenBSD 2.8.

AUTHORS

     Markus Friedl <markus@openbsd.org>

BSD
								  January 9, 2010							       BSD
All times are GMT -4. The time now is 04:39 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy