LinuxQuestions.org


neopandid 10-10-2012 11:03 AM

SFTP Jailing Two user groups at the same folder
 
Hi,
I have a user group Group1 jailed at
/home/User/
Here is the ls -l output:
drwxr-xr-x 3 root root 4096 Mar 29 2012 User
They are using
/home/User/Folder1
Here is the ls -l output:
drwxrwxrwx 9 nobody Group1 4096 Oct 6 07:42 Folder1
They can write and delete files in this folder.

My problem is now I have to add another folder for another group.
Folder2
The second group can only write inside Folder2 and can't read, write or delete inside Folder1.
But the first group should read their files.
How can I do this?
Thanks in advance

MensaWater 10-10-2012 02:43 PM

Since they're jailed users anything they see is relative to the jail parent which appears to the logged-in user to be / (root). Since users can't go ABOVE root it means they can only go BELOW it in hierarchy. That means you should make user2's jail a subdirectory of user1's jail.

So if in fact user1 is jailed at /home/user then when they log in they don't see /home/User - they see /. What you see from OS side as /home/User/Folder1 they should see as /Folder1.

If you make the jail for user2 /home/User/Folder2 then user1 should be able to access it as /Folder2.

If on the other hand the actual jail of user1 is /home/User/Folder1 then that is what they see as / and you'd have to make the jail for user2 as /home/User/Folder1/Folder2.

Note that since jails contain files necessary for the account to work that would normally be under the real / you might want to create a symbolic link to simplify what user 1 sees.

e.g.
/home/User would have real subdirectories (seen by non-jailed users such as root) such as:
/home/User/bin
/home/User/usr (with appropriate subdirectories such as lib)
/home/User/etc
/home/User/home (which likely has subdirectory /home/User/home/user1 if you use standard home directories)
/home/User/<other directories or files...>

Those however would be seen relative to the jailed "/" by user1 when it logged in so would appear to be:
/bin
/usr
/etc
/home (and the likely subdirectory would be seen as /home/user1).
/<other directories or files...>

So if you then set up another jailed user (user2) under the existing jailed user (user1) it would add the same set of directories under that jail so you'd now also have:
/home/User/user2/bin
/home/User/user2/usr (with appropriate subdirectories such as lib)
/home/User/user2/etc
/home/User/user2/home (which likely has subdirectory /home/User/user2/home/user2 if you use standard home directories)
/home/User/user2/<other directories or files...>

You really don't need user1 to traverse all of that just to get to the /home/user2 files you want user1 to access so you could create a link in /home/User/home/user1 to /home/User/user2/home/user2 as a shortcut.
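
The path mapping described in the reply above, worked through as an added example that is not part of either post: it translates between host-side and jail-side paths and shows where a symlink leads when a jailed user follows it. It assumes the jail behaves like a chroot at /home/User; the link name `user2files` is hypothetical.

```python
import posixpath

def jail_view(jail_root, host_path):
    """Path a jailed user sees for host_path, or None if it lies outside the jail."""
    root = posixpath.normpath(jail_root)
    path = posixpath.normpath(host_path)
    if path == root:
        return "/"
    # Compare whole components so /home/UserX is not mistaken for /home/User.
    return path[len(root):] if path.startswith(root + "/") else None

def host_view(jail_root, jailed_path, cwd="/"):
    """Host path reached by a path typed inside the jail.

    Lexical only (symlinks along the way are not followed); '..' at the
    jail's '/' stays at '/', as it does at a real root directory.
    """
    parts = []
    for part in posixpath.join(cwd, jailed_path).split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if parts:
                parts.pop()
        else:
            parts.append(part)
    return "/".join([posixpath.normpath(jail_root)] + parts)

def link_resolves_to(jail_root, link_host_path, target):
    """Host path a symlink leads to when followed by a user inside the jail."""
    link_dir = jail_view(jail_root, posixpath.dirname(link_host_path))
    if link_dir is None:
        raise ValueError("link is not inside the jail")
    return host_view(jail_root, target, cwd=link_dir)

if __name__ == "__main__":
    JAIL = "/home/User"                        # user1's jail, from the thread
    LINK = "/home/User/home/user1/user2files"  # hypothetical link name
    print(jail_view(JAIL, "/home/User/Folder1"))
    print(jail_view("/home/User/Folder2", "/home/User/Folder1"))
    print(host_view(JAIL, "../../etc"))
    for target in ("/home/User/user2/home/user2", "/user2/home/user2",
                   "../../user2/home/user2"):
        print(target, "->", link_resolves_to(JAIL, LINK, target))
```

A link whose target is written as the host-side path resolves to /home/User/home/User/user2/home/user2 for the jailed user, so the target has to be given as the jailed user sees it (/user2/home/user2) or as a relative path.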


All times are GMT -5.