On 15/01/2014 00:21, Bob Goldberg wrote:
On Tue, Jan 14, 2014 at 7:13 AM, Joel Rees <joel.r...@gmail.com> wrote:
Caveat. I don't have the patience to work with ACLs, mostly because I
can't see how they could really work without bringing a system to its
knees.
To be honest - ACLs were by far my first choice for solving my problem.
There is no doubt there have been misinterpretations; I'm sorry for that.
So let me drop back to square one, and explain what I want - at the
highest level. SIMPLY, this:
I have 2 classes of users - SFTP users (customers), and SFTP managers
(company users that manage customer data).
I want a highly secure and privacy safe SFTP server. But I also want
it to appear to users as simple and easy as possible. All users will
access SFTP only via an SFTP client.
So my wants are:
- sftp access only (but not to exclude ssh access for linux users).
- sftp users chroot'ed to their home dir, without any added levels of
directories [beneath home].
- so users should have "w" access to their home.
- sftp managers should have "w" access to all sftp-users' home dirs.
what would be the best way to accomplish this?
I don't care how complex the setup/config is - as long as it's as
easy, and idiot-proof for my users as possible.
TIA - Bob
Hello,
I have done something similar in the past with FTP (pure-ftpd).
The principle was just to have two levels of directories, like this:
/srv/ftp/manager1/client1
/srv/ftp/manager1/client2
/srv/ftp/manager2/client3
/srv/ftp/manager2/client4
...
I was using virtual users, so the owner of all the hierarchy was the ftp
user.
By having chrooted homes at different levels, you can have what you want.
manager1 : home dir /srv/ftp/manager1
client1 : home dir /srv/ftp/manager1/client1
client2 : home dir /srv/ftp/manager1/client2
manager1 can see files for both clients 1 and 2.
client1 and client2 can only see their own files.
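
An added example, not part of the original thread: a lexical audit of a nested chroot-home layout like the one described above, listing which accounts' homes fall inside each account's chroot and flagging non-managers that can reach another home. The `manager2`, `client3`, `client4` and `manager10` homes, the `MANAGERS` set and the function names are constructed for illustration.

```python
import posixpath
from pathlib import PurePosixPath

# Constructed sample layout following the hierarchy in the message above.
HOMES = {
    "manager1": "/srv/ftp/manager1",
    "manager2": "/srv/ftp/manager2",
    "client1": "/srv/ftp/manager1/client1",
    "client2": "/srv/ftp/manager1/client2/",  # trailing slash on purpose
    "client3": "/srv/ftp/manager2/client3",
    "client4": "/srv/ftp/manager2/client4",
    # Shares a string prefix with manager1 but is not inside it.
    "manager10": "/srv/ftp/manager10",
}
MANAGERS = {"manager1", "manager2", "manager10"}


def normalize(path):
    """Return the path with '.', '..' and extra slashes collapsed.

    Purely lexical: symlinks are not resolved, so check those on the host.
    """
    if not path.startswith("/"):
        raise ValueError(f"chroot home must be absolute: {path!r}")
    return PurePosixPath(posixpath.normpath(path))


def visibility(homes):
    """Map each account to the other accounts whose home is inside its chroot."""
    norm = {user: normalize(p) for user, p in homes.items()}
    return {
        user: sorted(
            other for other, home in norm.items()
            # Compare whole path components, never raw string prefixes.
            if other != user and root in (home, *home.parents)
        )
        for user, root in norm.items()
    }


def unexpected_access(homes, managers):
    """List (account, reachable_account) pairs where account is not a manager."""
    seen = visibility(homes)
    return [(u, o) for u in sorted(seen) if u not in managers for o in seen[u]]


if __name__ == "__main__":
    for user, others in sorted(visibility(HOMES).items()):
        print(f"{user}: {', '.join(others) or '-'}")
    print("unexpected:", unexpected_access(HOMES, MANAGERS))
```

Running the audit whenever an account is added catches a client whose home was set one level too high, or a home written with `..` that normalizes into a manager's directory.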