LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-20-2014, 03:08 PM   #1
cyberdome
Member
 
Registered: Mar 2014
Distribution: Fedora 23 - MariaDB 10.1 -
Posts: 130
Blog Entries: 2

Rep: Reputation: 8
how to restrict SSH - WinSCP access for Users only to a specific directory???


I have a Ubuntu Linux server. I have SSH access enabled on the Server. When I log into the server using WinSCP, the user can browse the / and sub-directories below the / directory. User cannot access the actual ROOT direcoty.

I have run the command chmod a+x home , But this only lets users not access each others directories. With each logging into WinSCP they are able to browse the top level root directories.

My question is can I setup restriction so that when they click on the ROOT in the top level directory tree. They should get error that they cannot access the directory. permission denied error.

Anyone know how I can accomplish this? because right now users cannot access each other directory in the home directory.

For example, under home directory, I have two users folders, one for user A and another for user B. Users A and B cannot access each other's directories. But they both can access top level root and other directories such as etc, bin, boot, var. Not sure if this is possible. But I think I might cause issues with permissions issues with programs or services. Just wondering how it is done in the real world???

Any help is greatly appreciated.
 
Old 08-21-2014, 12:24 AM   #2
cliffordw
Member
 
Registered: Jan 2012
Location: South Africa
Posts: 509

Rep: Reputation: 203Reputation: 203Reputation: 203
Hi,

Do your users need SSH access, or just WinSCP access?

If they don't need to log in (SSH), you might be able to achieve your goal by giving them SFTP access only. This is done in sshd_config, by using the Match, ChrootDirectory and ForceCommand options, for example:

Code:
Match user userA
        ChrootDirectory /home/userA
        X11Forwarding no
        AllowTcpForwarding no
        AllowAgentForwarding no
        ForceCommand internal-sftp
Note that this means they have to use the SFTP protocol, and not SCP. I believe WinSCP can do this, but don't have first hand experience to confirm that.

I hope this helps.

Regards,

Clifford
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Restrict access to the Linux server by some specific group of users. amalendu.rakshit Linux - Security 4 07-02-2013 01:18 AM
Tying WinSCP logins to specific directory tiedyeguy64 Linux - Software 1 02-16-2011 12:01 PM
how to restrict specific users to access restricted sites in squid subhojit Linux - Security 2 11-07-2009 10:15 AM
need to restrict users access to own home directory afgs_uk Linux - Security 2 11-08-2006 11:18 AM
chroot to restrict ssh directory access vbsaltydog Linux - Security 1 07-23-2006 04:28 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration