linux
Vitaliy Rasti, 2015-03-24 15:06:24

How to make nested SFTP accounts?

Hello everybody. Before the question, a brief description: there is a server, Ubuntu is installed, SFTP login is configured for each user.
A piece of the sshd configuration file:
Subsystem sftp internal-sftp
Match Group sftp
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
Each user, in his client, accesses only his home directory; everything works.
The question is the following: for example, there is a user user, with a home directory /var/www/user/, and this user has two sites, located in /var/www/user/site1 and /var/www/user/site2 respectively. Each site is run by a different developer, user-dev1 and user-dev2. How can I differentiate rights or configure ssh so that user-dev1, when logging in via SFTP, sees and has access only to /var/www/user/site1, user-dev2, respectively, only to /var/www/user/site2, and user to his own home directory with his sites?
P.S. I tried setting /var/www/user/site1 as the home directory of user-dev1, but then its owner must be root (ChrootDirectory %h, if I understand correctly), and the user user then does not have access to it, but he must have access to both directories.

2 answer(s)
Vitaliy Rasti, 2015-03-25
@sevastopoles

Help, I have already racked my brain trying.

Vasily Angapov, 2015-03-27
@celebrate

Permission issues are resolved with POSIX ACLs:
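# default ACL entries: inherited by files and directories created later
setfacl -dm u:user:rwx /var/www/user/site1
setfacl -dm u:user:rwx /var/www/user/site2
# access ACL entries: applied recursively to everything that already exists
setfacl -Rm u:user:rwx /var/www/user/site1
setfacl -Rm u:user:rwx /var/www/user/site2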
Something like this. After that, the user user will have access rights to the subfolders, even if they are owned by someone else. For ACLs to work, the file system must be mounted with the acl flag.
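
An added example, not part of either post: a checker that applies the test sshd makes on a ChrootDirectory, where every component of the path must be a root-owned directory with no group or other write bit. It matters when combining the chroot with the ACLs above, because a named-user ACL entry such as u:user:rwx sets the ACL mask, and stat reports the mask in the group bits, so the same entry placed on the chroot directory itself makes sshd refuse the login. The function names are hypothetical and GNU stat (as on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example (hypothetical helper names, GNU coreutils stat assumed).

# component_ok UID MODE: succeed if a path component with this owner uid and
# octal mode (as printed by `stat -c %a`) passes the ChrootDirectory check.
component_ok() {
    [ "$1" -eq 0 ] || return 1               # owner must be root
    # 775 is also what stat shows for a 755 directory once
    # `setfacl -m u:user:rwx` has been applied to it (mask = rwx).
    [ $(( 0$2 & 022 )) -eq 0 ] || return 1   # no group/other write bit
    return 0
}

# check_chroot_path DIR: walk from DIR up to / and report every component.
# Returns 0 only if all components pass.
check_chroot_path() {
    case $1 in /*) ;; *) echo "need an absolute path: $1"; return 2 ;; esac
    cur=${1%/}; [ -n "$cur" ] || cur=/
    rc=0
    while :; do
        if [ ! -d "$cur" ]; then
            echo "FAIL $cur: not a directory"; rc=1
        else
            info=$(stat -c '%u %a' "$cur")   # "<uid> <octal mode>"
            if component_ok "${info% *}" "${info#* }"; then
                echo "ok   $cur ($info)"
            else
                echo "FAIL $cur: uid/mode $info"; rc=1
            fi
        fi
        [ "$cur" = / ] && break
        cur=${cur%/*}; [ -n "$cur" ] || cur=/
    done
    return $rc
}

# Usage with the question's layout:
#   check_chroot_path /var/www/user/site1
```

A FAIL line for the chroot directory after running setfacl on it points to the mask problem described above; the write access for user and the developer then belongs on a subdirectory inside the chroot rather than on the chroot directory.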
