LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 10-10-2012, 11:03 AM   #1
neopandid
Member
 
Registered: Aug 2011
Location: Russia
Distribution: Debian
Posts: 31

Rep: Reputation: Disabled
SFTP Jailing Two user groups at the same folder


Hi,
I have a user group Group1 jailed at
/home/User/
Here is the ls -l output:
drwxr-xr-x 3 root root 4096 Mar 29 2012 User
They are using
/home/User/Folder1
Here is the ls -l output:
drwxrwxrwx 9 nobody Group1 4096 Oct 6 07:42 Folder1
They can write delete files in this folder

My problem is now I have to add another folder for another group.
Folder2
The second group can only write inside Folder2 and can't read write or delete inside Folder1
But the first group should read their files.
How can I do this?
Thanks in advance
 
Old 10-10-2012, 02:43 PM   #2
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,028
Blog Entries: 5

Rep: Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791
Since they're jailed users anything they see is relative to the jail parent which appears to the logged in user to be / (root). Since users can't go ABOVE root it means they can only go BELOW it in heirarchy. That means you should make user2's jail a subdirectory of user1's jail.

So if in fact user1 is jailed at /home/user then when they login they don't see /home/User - they see /. What you see from OS side as /home/User/Folder1 they should see as /Folder1.

If you make the jail for user2 /home/User/Folder2 then user1 should be able to access it as /Folder2.

If on the other hand the actual jail of user1 is /home/User/Folder1 then it is that they see as / and you'd have to make the jail for user2 as /home/User/Folder1/Folder2.

Note that since jails contain files necessary for the account to work that would normally be under the real / you might want to create a symbolic link to simplify what user 1 sees.

e.g.
/home/User would have real subdirectories (seen by non-jailed users such as root) such as:
/home/User/bin
/home/User/usr (with appropriate subdirectories such as lib)
/home/User/etc
/home/User/home (which likely has subdirectory /home/User/home/user1 if you use standard home directories)
/home/User/<other directories or files...>

Those however would be seen relative to the jailed "/" by user1 when it logged in so would appear to be:
/bin
/usr
/etc
/home (and the likely subdirectory would be seen as /home/user1).
/<other directories or files...>

So if you then setup another jailed user (user2) under the existing jailed user (user1) it would add the same set of directories under that jail so you'd now also have:
/home/User/user2/bin
/home/User/user2/usr (with appropriate subdirectories such as lib)
/home/User/user2/etc
/home/User/user2/home (which likely has subdirectory /home/User/user2/home/user2 if you use standard home directories)
/home/User/user2/<other directories or files...>

You really don't need user1 to traverse all of that just to get to the /home/user2 files you want user1 to access so you could create a link in /home/User/home/user1 to /home/User/user2/home/user2 as a shortcut.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Jailing a SFTP user. sampappachan_nyc Linux - Software 4 03-16-2011 09:53 AM
chroot sftp jailing on OEL5u3 - what should be its SSH version? abrarpasha.syed Linux - General 4 01-08-2011 04:06 PM
how to create sftp user only in red hat 4 not ftp user ..only sftp user princeu28 Linux - Newbie 1 10-14-2008 09:10 AM
Jailing a user to a specific folder ONLY GUIPenguin Linux - Security 3 09-23-2005 07:16 AM
Jailing SFTP Users to Home directory Jason_25 Linux - Networking 3 01-06-2002 09:32 PM


All times are GMT -5. The time now is 08:13 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration