I’m coming from an OES/eDirectory background, so pardon my ignorance
on this. I’ve done some searching, but I appear to be missing
something. I have a SLES 11 SP4 server that I need to give one user
access to one folder. He needs to be able to add/delete/modify files
and folders in that one folder. I created a user account, but found
that he could see more than I wanted him to. So to restrict access to
that folder, I edited /etc/ssh/sshd_config and added the following:
Match user <the_username>
ChrootDirectory /path/to/folder/
After restarting sshd, I am unable to login as the user. I’m
attempting to login via WinSCP. Any suggestions?
Thanks!
Ken
You have not mentioned how that user needs to access the files in that folder.
Typically, if the user is to log in to that host, the user will need a “home directory”. Please be aware that session-specific (but persistent) files will be stored in that directory, so if you make “your directory” the home directory of that user, extra files will pop up there after login.
If you have files in a different area of the file system that the user needs to have access to (additionally), you can grant according permissions to that directory (and contents) but will need to make sure that the user can actually traverse the path from “/” to the target directory.
If the user actually accesses the files from a remote machine, via i.e. NFS or SMB/CIFS, then “sharing” the target directory (and accessing it directly from the client machine) might be an easier approach. Setting the proper permissions will then depend on the way the remote access is technically handled.
If you decide to follow the “home dir” route, Thomas’ hint on setting the user’s home directory within user management should put you on the right track.
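The traversal requirement mentioned above (every directory from “/” down to the target must be searchable by the user) can be checked with a small script. This is an added example, not part of the original posts; the function name `first_blocked` is hypothetical, it assumes GNU `stat`, and it looks only at the classic owner/group/other mode bits (ACLs and root's override are ignored).

```shell
#!/bin/sh
# Usage: first_blocked UID "GID1 GID2 ..." TARGET [START]
#   e.g. first_blocked "$(id -u someuser)" "$(id -G someuser)" /path/to/folder
# Walks every directory from START (default "/") down to TARGET and prints the
# first one the given uid/gids cannot search (missing "x" bit).
# Returns 0 if the whole path is traversable, 1 if blocked, 2 if stat fails.
# TARGET is assumed to be an absolute path located below START.
first_blocked() {
    fb_uid=$1; fb_gids=$2; fb_target=$3; fb_cur=${4:-/}
    fb_rest=${fb_target#"$fb_cur"}        # components below the start directory
    while :; do
        # owner uid, owner gid and octal mode of the current directory
        fb_st=$(stat -c '%u %g %a' "$fb_cur") || return 2
        set -- $fb_st
        fb_mode=$((0$3))                  # leading 0 makes the shell read octal
        # Pick the permission class that applies: owner, then group, then other.
        case " $fb_gids " in *" $2 "*) fb_ingrp=1 ;; *) fb_ingrp=0 ;; esac
        if [ "$fb_uid" = "$1" ]; then
            fb_bit=64                     # 0100: owner search bit
        elif [ "$fb_ingrp" -eq 1 ]; then
            fb_bit=8                      # 0010: group search bit
        else
            fb_bit=1                      # 0001: other search bit
        fi
        if [ $(( fb_mode & fb_bit )) -eq 0 ]; then
            echo "$fb_cur"                # first directory that blocks traversal
            return 1
        fi
        fb_rest=${fb_rest#/}              # drop the leading slash
        [ -n "$fb_rest" ] || return 0     # target itself has been checked
        fb_cur=${fb_cur%/}/${fb_rest%%/*} # descend one component
        case $fb_rest in
            */*) fb_rest=${fb_rest#*/} ;;
            *)   fb_rest= ;;
        esac
    done
}
```

A directory printed by the function is the place to adjust ownership, group membership or mode so that the user can reach the target.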
If the user actually accesses the files from a remote machine, via i.e.
NFS or SMB/CIFS, then “sharing” the target directory (and accessing it
directly from the client machine) might be an easier approach. Setting
the proper permissions will then depend on the way the remote access
is technically handled.
Jens,
Thanks for the reminder. I forgot about this method. It actually
makes more sense for this situation. I will set it up this way.
Ken