Sponsored Content
Full Discussion: SFTP Design
Top Forums UNIX for Advanced & Expert Users SFTP Design Post 303017144 by Bagpuss on Thursday 10th of May 2018 05:11:26 AM
Old 05-10-2018
Question SFTP Design

Hi all,

I'm seeking an efficient and secure means of providing multiple named users access to files by their functional areas. For security, I've chosen SFTP using key pair authentication.

The general principle is we have multiple users as follows:
  1. We have two type of files for Function A and Function B
  2. Users A and B in Team X can get/put both Function A files and Function B files
  3. Users C and D in Team Y can get/put only Function A files
  4. Users E and F in Team Z can get/put only Function B files

Directory structure would be:
Code:
../Files/FunctionA
../Files/FunctionB

I want to ensure users A and B can access all files so was thinking their home directory would be Files and they'd be a member of groups FunctionA and FunctionB

The other users would be members of the appropriate group and their home directory would be the equivalent directory

I'd imagine using a chroot jail to limit access if necessary?

Considering the need to create .ssh directories, I'm just a bit unsure if this heading the right way design-wise or whether there are better ways to do this without compromising security.

SFTP file server not available yet so just thinking through the approach - any thoughts/suggestions welcome!

Last edited by rbatte1; 05-10-2018 at 08:29 AM..
 

7 More Discussions You Might Find Interesting

1. Programming

C++ class design

Can anybody tell me what is the best website or books to read for getting good knowledge in doing C++ class design. Please leave cplusplus.com or bjorne stroustrup. Other than these is there any website or book. Please do tell me (0 Replies)
Discussion started by: dhanamurthy
0 Replies

2. Programming

c++, design patterns and Unix

I know this is C Unix section, still I address a C++ question. How often did you see/use/apply or consider is welcome to write C++ code on Unix, based on 'design patters'? Since I'm at the very beginning with Unix programming, I have this doubt, ... about DP techniques and languages where to apply... (3 Replies)
Discussion started by: mihk
3 Replies

3. Shell Programming and Scripting

I want to design a program

i want to make a shell program. This program i give a current day and the result is to appear the celebrity and birthday(birthday and celebration is 2 txt files). In addition this procedure must do for a space day in future or past depend on user choice. Finally the program can run and as... (2 Replies)
Discussion started by: mytilini boy
2 Replies

4. Shell Programming and Scripting

shell design

i want to design the shell for some basic commands such as cp mkdir rm mv etc... so please let me know how to start and wich all books to refer and if any body is having the model just mail me at, devskamat018@gmail.com:) i will be waiting please reply soon (1 Reply)
Discussion started by: devaray
1 Replies

5. Shell Programming and Scripting

SFTP-how to log individual sftp command error while executing shell script

Hi, I have situation where i need to automate transferring 10000+ files using sftp. while read line do if ; then echo "-mput /home/student/Desktop/folder/$line/* /cygdrive/e/folder/$line/">>sftpCommand.txt fi done< files.txt sftp -b sftpCommand.txt stu@192.168.2.1 The above... (1 Reply)
Discussion started by: noobrobot
1 Replies

6. Red Hat

Chroot sftp users, remote sftp login shows wrong timestamp on files

Hello, I have a weird issue, I have RHEL 5.7 running with openssh5.2 where sftpgroup OS group is chroot. I see the difference difference in timestamp on files, when I login via ssh and SFTP, I see four hour difference, is something missing in my configuration. #pwd... (8 Replies)
Discussion started by: bobby320
8 Replies

7. Shell Programming and Scripting

Sftp : not able to print the echo statements after the sftp transfer

I had the below sftp script working perfectly but the problem is I am not able to send the echo statements . #!/bin/sh echo "Starting to sftp..." sftp admin@myip << END_SCRIPT cd /remotepath/ lcd /localpath/ mget myfiles*.csv bye END_SCRIPT echo "Sftp successfully." echo echo... (11 Replies)
Discussion started by: scriptscript
11 Replies
SFTP-SERVER(8)						    BSD System Manager's Manual 					    SFTP-SERVER(8)

NAME
sftp-server -- SFTP server subsystem SYNOPSIS
sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level] [-u umask] DESCRIPTION
sftp-server is a program that speaks the server side of SFTP protocol to stdout and expects client requests from stdin. sftp-server is not intended to be called directly, but from sshd(8) using the Subsystem option. Command-line flags to sftp-server should be specified in the Subsystem declaration. See sshd_config(5) for more information. Valid options are: -d start_directory specifies an alternate starting directory for users. The pathname may contain the following tokens that are expanded at runtime: %% is replaced by a literal '%', %h is replaced by the home directory of the user being authenticated, and %u is replaced by the user- name of that user. The default is to use the user's home directory. This option is useful in conjunction with the sshd_config(5) ChrootDirectory option. -e Causes sftp-server to print logging information to stderr instead of syslog for debugging. -f log_facility Specifies the facility code that is used when logging messages from sftp-server. The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH. -h Displays sftp-server usage information. -l log_level Specifies which messages will be logged by sftp-server. The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. INFO and VERBOSE log transactions that sftp-server performs on behalf of the client. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. The default is ERROR. -R Places this instance of sftp-server into a read-only mode. Attempts to open files for writing, as well as other operations that change the state of the filesystem, will be denied. -u umask Sets an explicit umask(2) to be applied to newly-created files and directories, instead of the user's default mask. For logging to work, sftp-server must be able to access /dev/log. Use of sftp-server in a chroot configuration therefore requires that syslogd(8) establish a logging socket inside the chroot directory. SEE ALSO
sftp(1), ssh(1), sshd_config(5), sshd(8) T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress material. HISTORY
sftp-server first appeared in OpenBSD 2.8. AUTHORS
Markus Friedl <markus@openbsd.org> BSD
January 4, 2013 BSD
All times are GMT -4. The time now is 12:41 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy