[CentOS] how to control sftp's user file folder

Nico Kadel-Garcia nkadel at gmail.com
Tue Mar 1 12:53:21 UTC 2011


On Mon, Feb 28, 2011 at 10:53 AM, Eero Volotinen <eero.volotinen at iki.fi> wrote:
> 2011/2/28 Yang Yang <dapiyang at gmail.com>:
>> hi,i have a question want to ask
>>
>> if i add a user like:
>>
>> useradd test
>> groupadd test -g www
>>
>> and how to control user test only can see and write only folder(like
>> /home/htdocs/test,he can not see /home/htdocs or other folder)
>
> for example using chrooted scponly or tweaking filesystem acls and
> selinux settings.
>
> scponly chrooted is the easiest way.

No, sftp is actually supported, somewhat, in OpenSSH 5 for this to
work well, which is not in CentOS 5, and integrating it to CentOS 5 is
problematic. It's also awkward to maintain, the chroot cages require
the relevant binaries nad libraries in each user's chroot cage. (I
used to publish the software changes for this, years back under SunOS
and RedHat 5.2, not RHEL 5.2).

Frankly, don't. Use ftps, which Dovecot supports directly, or WebDav
over HTTPS, which Apache supports directly with mod_dav.



More information about the CentOS mailing list