[CentOS] how to control sftp's user file folder

Philip Manuel phil at zomojo.com
Wed Mar 9 02:49:54 UTC 2011



On 03/01/2011 11:53 PM, Nico Kadel-Garcia wrote:
> On Mon, Feb 28, 2011 at 10:53 AM, Eero Volotinen <eero.volotinen at iki.fi> wrote:
>> 2011/2/28 Yang Yang <dapiyang at gmail.com>:
>>> Hi, I have a question I want to ask.
>>>
>>> if i add a user like:
>>>
>>> useradd test
>>> groupadd test -g www
>>>
>>> How can I control user test so that he can only see and write to one folder (like
>>> /home/htdocs/test; he cannot see /home/htdocs or other folders)?
>> for example using chrooted scponly or tweaking filesystem acls and
>> selinux settings.
>>
>> scponly chrooted is the easiest way.
> No, sftp is actually supported, somewhat, in OpenSSH 5 for this to
> work well, which is not in CentOS 5, and integrating it to CentOS 5 is
> problematic. It's also awkward to maintain, the chroot cages require
> the relevant binaries and libraries in each user's chroot cage. (I
> used to publish the software changes for this, years back under SunOS
> and RedHat 5.2, not RHEL 5.2).
>
> Frankly, don't. Use ftps, which Dovecot supports directly, or WebDav
> over HTTPS, which Apache supports directly with mod_dav.


I've used rssh for controlling SFTP access.


