Old 08-20-2014, 04:08 PM   #1
how to restrict SSH - WinSCP access for Users only to a specific directory???

I have an Ubuntu Linux server. I have SSH access enabled on the server. When I log into the server using WinSCP, the user can browse the / and sub-directories below the / directory. User cannot access the actual ROOT directory.

I have run the command chmod a+x home, but this only keeps users from accessing each other's directories. With each logging into WinSCP, they are able to browse the top-level root directories.

My question is: can I set up a restriction so that when they click on the ROOT in the top-level directory tree, they get an error that they cannot access the directory (a permission denied error)?

Does anyone know how I can accomplish this? Right now users cannot access each other's directories in the home directory.

For example, under the home directory, I have two user folders, one for user A and another for user B. Users A and B cannot access each other's directories. But they both can access the top-level root and other directories such as etc, bin, boot, var. Not sure if this is possible. But I think I might cause permission issues with programs or services. Just wondering how it is done in the real world???

Any help is greatly appreciated.
Old 08-21-2014, 01:24 AM   #2

Do your users need SSH access, or just WinSCP access?

If they don't need to log in (SSH), you might be able to achieve your goal by giving them SFTP access only. This is done in sshd_config, by using the Match, ChrootDirectory and ForceCommand options, for example:

Match user userA
        ChrootDirectory /home/userA
        X11Forwarding no
        AllowTcpForwarding no
        AllowAgentForwarding no
        ForceCommand internal-sftp

Note that this means they have to use the SFTP protocol, and not SCP. I believe WinSCP can do this, but I don't have first-hand experience to confirm that.

I hope this helps.
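
An added example, not part of either post: sshd refuses a chrooted session unless every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others, so a check like the one below can be run before enabling the Match block above. The function names and the optional uid and stop-directory arguments (present so the check can be tried on scratch directories) are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory path.
# Usage: sh check_chroot.sh /home/userA
# Needs a stat that supports -c (GNU coreutils or busybox).

# check_component DIR UID
# One path component passes if it is a directory, is owned by UID,
# and has neither the group-write nor the other-write bit set.
check_component() {
    if [ ! -d "$1" ]; then
        echo "FAIL $1: not a directory"; return 1
    fi
    owner=$(stat -L -c %u "$1") || return 1
    mode=$(stat -L -c %a "$1") || return 1
    if [ "$owner" != "$2" ]; then
        echo "FAIL $1: owner uid $owner, need $2"; return 1
    fi
    # stat prints the mode in octal; a leading 0 makes the shell read it as octal
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $1: mode $mode is group/other writable"; return 1
    fi
    echo "ok   $1 (uid $owner, mode $mode)"
}

# check_chroot DIR [UID] [TOP]
# Walks from DIR up to TOP (default /) and checks every component.
# UID defaults to 0, which is what sshd requires; UID and TOP are
# assumptions of this example so it can be exercised without root.
check_chroot() {
    dir=${1%/}; uid=${2:-0}; top=${3:-/}
    [ -n "$dir" ] || dir=/
    case $dir in
        /*) ;;
        *) echo "FAIL $dir: path must be absolute"; return 1 ;;
    esac
    rc=0
    while :; do
        check_component "$dir" "$uid" || rc=1
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    return $rc
}

# Run the check when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_chroot "$@"
fi
```

If /home/userA itself fails the check because userA owns it, the usual arrangement is to make the chroot directory root-owned and give the user a writable subdirectory inside it.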



