Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
Vitaliy Rasti2015-03-24 15:06:24
linux
Vitaliy Rasti, 2015-03-24 15:06:24

How to make nested SFTP accounts?

Hello everybody. Before the question, a brief description: there is a server, Ubuntu is installed, SFTP login is configured for each user.
A piece of the sshd configuration file:
Subsystem sftp internal-sftp
Match Group sftp
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
Each user in his client accesses only his home directory, everything works.
The question is the following: for example, there is a user user, with a home directory /var/www/user/, this user has two sites that are respectively in /var/www/user/site1, /var/www/user/site2. Each site is run by different developers user-dev1 and user-dev2. How to differentiate rights or can configure ssh so that user-dev1, when logging in via SFTP, sees and has access only to /var/www/user/site1, user-dev2, respectively, only to /var/www/user/site2, and user to his own home directory with your sites?
PS I tried to set the user-dev1 user as the home directory /var/www/user/site1, but then its owner must be root (ChrootDirectory %h, if I understand correctly), and the user user then does not have access to it, but must be to both directories.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
V
Vitaliy Rasti, 2015-03-25
@sevastopoles

help, already broke my head from trying

Report
V
Vasily Angapov, 2015-03-27
@celebrate

Permission issues are resolved with POSIX ACLs:
setfacl -dm u:user:rwx /var/www/user/site1
setfacl -dm u:user:rwx /var/www/user/site2
setfacl -Rm u:user:rwx / var/www/user/site1
setfacl -Rm u:user:rwx /var/www/user/site2
Something like this. After that, the user user will have access rights to the subfolders, even if they are owned by someone else. For ACLs to work, the file system must be mounted with the acl flag.

Similar questions
C
chuhnevdan2021-04-13 09:38:42
Hello, I have a Django project, the task is the following, there is a csv file, it is necessary to create a table on the page based on it, what is the mistake? 2Reply
R
rinaz222019-10-18 18:19:06
How to follow the link in the mobile version of the site only after the second click? 5Reply
J
joha07382021-05-11 15:59:03
Is it possible to create an array from methods in Java? 3Reply
N
Nabi Alimetov2019-01-24 15:55:45
How to put OpenMCU and Asterisk on the same server? 2Reply
A
Alexander Kunin2014-08-08 20:23:45
How to reach the server by external ip when connected to it via VPN (pptpd, CentOS)? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question