On Tue, Jan 14, 2014 at 7:13 AM, Joel Rees <joel.r...@gmail.com> wrote:
> Caveat. I don't have the patience to work with ACLs, mostly because I
> can't see how they could really work without bringing a system to its
> knees.
>

To be honest - ACLs were by far my first choice for solving my problem.

There is no doubt there have been misinterpretations; I'm sorry for that. So let me drop back to square one, and explain what I want - at the highest level.

SIMPLY, this: I have 2 classes of users - SFTP users (customers), and SFTP managers (company users that manage customer data). I want a highly secure and privacy-safe SFTP server. But I also want it to appear to users as simple and easy as possible. All users will access SFTP only via an SFTP client.

So my wants are:

- sftp access only (but not to exclude ssh access for linux users).
- sftp users chroot'ed to their home dir, without any added levels of directories [beneath home].
- so users should have "w" access to their home.
- sftp managers should have "w" access to all sftp-users' home dirs.

What would be the best way to accomplish this? I don't care how complex the setup/config is - as long as it's as easy and idiot-proof for my users as possible.

TIA - Bob