10-10-2012, 10:03 AM   #1
Registered: Aug 2011
Location: Russia
Distribution: Debian
Posts: 32

SFTP Jailing Two user groups at the same folder

I have a user group Group1 jailed at
Here is the ls -l output:
drwxr-xr-x 3 root root 4096 Mar 29 2012 User
They are using
Here is the ls -l output:
drwxrwxrwx 9 nobody Group1 4096 Oct 6 07:42 Folder1
They can write and delete files in this folder.

My problem is now I have to add another folder for another group.
The second group can only write inside Folder2 and can't read, write or delete inside Folder1.
But the first group should read their files.
How can I do this?
Thanks in advance
10-10-2012, 01:43 PM   #2
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,986
Since they're jailed users, anything they see is relative to the jail parent, which appears to the logged-in user to be / (root). Since users can't go ABOVE root, it means they can only go BELOW it in the hierarchy. That means you should make user2's jail a subdirectory of user1's jail.

So if in fact user1 is jailed at /home/User, then when they log in they don't see /home/User - they see /. What you see from the OS side as /home/User/Folder1 they should see as /Folder1.

If you make the jail for user2 /home/User/Folder2 then user1 should be able to access it as /Folder2.

If, on the other hand, the actual jail of user1 is /home/User/Folder1, then that is what they see as /, and you'd have to make the jail for user2 /home/User/Folder1/Folder2.

Note that since jails contain files necessary for the account to work that would normally be under the real / you might want to create a symbolic link to simplify what user 1 sees.

/home/User would have real subdirectories (seen by non-jailed users such as root) such as:
/home/User/usr (with appropriate subdirectories such as lib)
/home/User/home (which likely has subdirectory /home/User/home/user1 if you use standard home directories)
/home/User/<other directories or files...>

Those however would be seen relative to the jailed "/" by user1 when it logged in so would appear to be:
/home (and the likely subdirectory would be seen as /home/user1).
/<other directories or files...>

So if you then set up another jailed user (user2) under the existing jailed user (user1), it would add the same set of directories under that jail, so you'd now also have:
/home/User/user2/usr (with appropriate subdirectories such as lib)
/home/User/user2/home (which likely has subdirectory /home/User/user2/home/user2 if you use standard home directories)
/home/User/user2/<other directories or files...>

You really don't need user1 to traverse all of that just to get to the /home/user2 files you want user1 to access so you could create a link in /home/User/home/user1 to /home/User/user2/home/user2 as a shortcut.
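
Added example, not part of the original thread: a Python check of where the shortcut link suggested in the reply above ends up once user1 is chrooted to /home/User. Inside a chroot an absolute link target is looked up from the jail's own /, so the sketch compares an absolute and a relative target; the link names shared_abs and shared_rel and both function names are hypothetical, and the layout is built in a scratch directory.

```python
import os
import tempfile

def resolve_in_jail(jail, link):
    """Return the path (as the jailed user sees it) that `link` points to once
    the process is chrooted to `jail`, or None if nothing exists there.
    Lexical, one-level resolution: intermediate symlinks are not followed."""
    jail = os.path.realpath(jail)
    link_dir = os.path.realpath(os.path.dirname(link))
    if os.path.commonpath([jail, link_dir]) != jail:
        raise ValueError("link is not inside the jail")
    target = os.readlink(os.path.join(link_dir, os.path.basename(link)))
    if os.path.isabs(target):
        parts = []  # absolute targets start at the jail's own "/"
    else:
        rel = os.path.relpath(link_dir, jail)
        parts = [p for p in rel.split(os.sep) if p != "."]
    for comp in target.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if parts:
                parts.pop()  # ".." at the jail root stays at the jail root
        else:
            parts.append(comp)
    host_path = os.path.join(jail, *parts)
    return "/" + "/".join(parts) if os.path.exists(host_path) else None

def build_demo(root):
    """Constructed layout from the thread under a scratch directory `root`."""
    jail = os.path.join(root, "home", "User")  # user1's jail
    os.makedirs(os.path.join(jail, "home", "user1"))
    os.makedirs(os.path.join(jail, "user2", "home", "user2"))  # user2's nested jail
    abs_link = os.path.join(jail, "home", "user1", "shared_abs")
    rel_link = os.path.join(jail, "home", "user1", "shared_rel")
    os.symlink("/home/User/user2/home/user2", abs_link)  # host-style absolute target
    os.symlink("../../user2/home/user2", rel_link)       # target relative to the link
    return jail, abs_link, rel_link

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        jail, abs_link, rel_link = build_demo(root)
        print("absolute:", resolve_in_jail(jail, abs_link))
        print("relative:", resolve_in_jail(jail, rel_link))
```

The absolute link dangles for the jailed user because /home/User/user2/home/user2 is re-rooted under /home/User, while the relative link reaches the same directory as /user2/home/user2.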

