Create a very limited user (access to one folder only)
Question posted by: dlite922 (Site Addict) on August 22nd, 2008 09:35 PM
I'm creating a batch file to be run as a scheduled task on Windows that sftp's a file using WinSCP to a Linux machine.
The password is saved in this bat file for all to see, so I need to create a user on the Linux machine that can't do anything but have write access to 1 folder.
I don't want you to walk me through it from A to Z, but after I created the user, how do I do things like:
- cannot log into server using command line (SSH), if possible.
- make sure only one folder is allowed to be accessed via sftp, and nothing else, not even the home directory. Can I eliminate the home directory?
I might consider the home directory "be" the one folder that they have access to, if that's easier.
Also, any pointers on how I can only allow txt files to be sent, no exe, pl, etc. extensions allowed?
Thanks guys,
Dan
2 Answers Posted
The standard way to confine sessions is through the 'chroot' call.
Google for 'chroot jail sftp' and you'll find lots of step-by-step guides.
The 'extension' of a file has no meaning on the Linux box and is just part of the name. I'm not aware of a simple mechanism to outlaw certain names.
You could probably do it through a combination of chmod and regular expressions, though. Were I to guess, a shell script would be required to efficiently do this, probably one that runs every so often to ensure that new files are also chmod'd properly.
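A sketch of the periodic sweep suggested in the answer above, as an added example that is not code from either poster. It goes one step beyond chmod: the uploading account owns its files and can change their modes back over sftp, so entries that are not plain `*.txt` files are moved to a quarantine directory instead. The function name `sweep_uploads` and both directory arguments are assumptions for illustration, and a name check says nothing about what a file actually contains.

```shell
#!/bin/sh
# Added example, not from the thread. Run from root's crontab, e.g. every 5 minutes.
# Usage: sweep.sh UPLOAD_DIR QUARANTINE_DIR   (both paths are site-specific assumptions)

# sweep_uploads UPLOAD_DIR QUARANTINE_DIR
# Allow-list sweep: a regular file named *.txt stays and loses its execute bits;
# every other entry (other names, dotfiles, directories, symlinks) is moved to
# QUARANTINE_DIR, which should sit outside the sftp chroot. Prints the number moved.
sweep_uploads() {
    upload_dir=$1
    quarantine_dir=$2
    moved=0
    stamp=$(date +%s)

    [ -d "$upload_dir" ] || { echo "not a directory: $upload_dir" >&2; return 1; }
    mkdir -p "$quarantine_dir" || return 1
    chmod 700 "$quarantine_dir"

    # Globs instead of parsing ls/find output, so odd file names stay intact.
    for f in "$upload_dir"/* "$upload_dir"/.[!.]* "$upload_dir"/..?*; do
        # An unmatched pattern is left as literal text; skip it.
        [ -e "$f" ] || [ -L "$f" ] || continue
        name=${f##*/}

        # Keep only real files (not symlinks) whose name ends in .txt, any case.
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            case $name in
                ?*.[Tt][Xx][Tt])
                    chmod a-x "$f"
                    continue
                    ;;
            esac
        fi

        # Timestamp and counter keep quarantined names unique across runs.
        mv "$f" "$quarantine_dir/$stamp.$moved.$name" && moved=$((moved + 1))
    done
    echo "$moved"
}

# Run the sweep when called with both directories (as from cron).
if [ "$#" -eq 2 ]; then
    sweep_uploads "$1" "$2"
fi
```

The sweep only looks at the top level of the upload directory; subdirectories the account creates are quarantined whole rather than inspected.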