I have a RedHat server with SFTP enabled and a few accounts. This server is currently being accessed by an application to read the users' respective files; they do not have write access. The server is also not on the same domain/network, but ports/firewalls are configured for access.
The current setup includes the following directory structure and permissions:
```
/sftp/users/user1/data/FilesAndFolders

sftp:       755 root:root
users:      755 root:root
user1:      754 root:user1
subfolders: 554 user1:user1
```
The users are set up with CHROOT via the below:
```
Match Group user1
    X11Forwarding no
    AllowTcpForwarding no
    ChrootDirectory /sftp/users/user1
    ForceCommand internal-sftp
```
This allows the users access to their respective folders with Read-Only access.
My issue is that I cannot seem to create a "SFTP Manager" type of account, that would have Read/Write access to the whole SFTP folder, AND be CHROOT'd to the SFTP folder (or the Data folder, either is OK).
The issue appears to be how the CHROOT is set up: with the current setup you will encounter errors when connecting via FileZilla if the CHROOT is set to the "users" folder or any of the subfolders; it has to be the user1 folder.
Any suggestions or pointers would be greatly appreciated (I feel like I've missed something obvious). I'm also open to alternatives that allow the following:
- Users are locked to only seeing their files with Read-Only.
- A manager account that has Read/Write to all the users folders.
- Can be set up within a Linux distro and isn't overly "hacky" to access via C# (hacky, e.g. Windows shared folder mappings).
- Is moderately secure/uses username and password to access.
EDIT: I believe this is a very similar issue to this one, which is unsolved.
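sshd only accepts a ChrootDirectory whose every path component is owned by root and not writable by group or others, which is the rule any manager chroot at /sftp/users (or a per-user data directory) has to satisfy before the Match block is even consulted. The following added check is not from the question or from OpenSSH; it reads constructed `path uid mode` lines in the format produced by `stat -c '%n %u %a'` and reports the components sshd would reject (the sample uid 1001 and the 775 mode are assumptions for illustration).

```bash
#!/bin/bash
# Added example: check each ChrootDirectory path component against sshd's rule
# (owner must be root, mode must not be group- or world-writable).
# Input lines are "<path> <owner-uid> <octal-mode>", as produced on the server by:
#   stat -c '%n %u %a' /sftp /sftp/users /sftp/users/user1
check_chroot_components() {
    local rc=0 path uid mode bits bad
    while read -r path uid mode; do
        [[ -z $path ]] && continue
        bad=0
        if [[ $uid != 0 ]]; then
            echo "BAD  $path: owner uid $uid (must be root)"
            bad=1
        fi
        bits=$((8#$mode & 0777))          # drop setuid/setgid/sticky bits
        if (( bits & 022 )); then         # 020 = group write, 002 = other write
            echo "BAD  $path: mode $mode is group/world writable"
            bad=1
        fi
        if (( bad )); then rc=1; else echo "ok   $path (uid $uid, mode $mode)"; fi
    done
    return $rc
}

# Constructed sample, not live stat output: the layout from the question plus a
# hypothetical data directory handed to a manager uid (1001) with mode 775.
# Everything down to user1 is acceptable; the last component would make sshd
# refuse "ChrootDirectory /sftp/users/user1/data".
sample='/sftp 0 755
/sftp/users 0 755
/sftp/users/user1 0 754
/sftp/users/user1/data 1001 775'

if printf '%s\n' "$sample" | check_chroot_components; then
    echo "all components acceptable for ChrootDirectory"
else
    echo "sshd would refuse this ChrootDirectory; fix the BAD components"
fi
```

The practical consequence for the manager account is that write access has to be granted on directories below the chroot (for example the per-user data directories), never on the chroot path components themselves.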