sftp limit user directory

Background note:
The business side needs to reach the application server through a bastion host over sftp (port 22) in order to replace the greeting audio.

 

Environment Description:

Host name   Operating system version                                 IP             Remark
redhat6.8   Red Hat Enterprise Linux Server release 6.8 (Santiago)   172.27.9.199   Application server, SELinux disabled
localhost   Red Hat Enterprise Linux Server release 6.8 (Santiago)   172.27.9.189   sftp connection test

 

For building and installing vsftp, see: Redhat6.8 set up ftp server and user directories and restrict access ip

1. Create a new ftp user

[root@redhat6 ~]# useradd -d /opt/AppServer/apache-tomcat-6.0.35/webapps/ROOT/umswav/orgwav -s /sbin/nologin user-sftp


/opt/AppServer/apache-tomcat-6.0.35/webapps/ROOT/umswav/orgwav is the storage path for the greeting files. Create the new ftp user user-sftp with this path as its home directory. The user is a dedicated ftp account and cannot log in directly over ssh.

2. Modify the configuration file sshd_config

[root@redhat6 ~]# view /etc/ssh/sshd_config
#Subsystem      sftp    /usr/libexec/openssh/sftp-server

Subsystem sftp internal-sftp
# ftp user name
Match User user-sftp
      # directory the ftp user is restricted to
      ChrootDirectory /opt/AppServer/apache-tomcat-6.0.35/webapps/ROOT/umswav
      AllowTCPForwarding no
      X11Forwarding no
      ForceCommand internal-sftp


user-sftp is the ftp user, and /opt/AppServer/apache-tomcat-6.0.35/webapps/ROOT/umswav is the restricted directory, i.e. the user cannot move up out of it.

3. Modify the directory permissions

3.1 Modify the permissions of the restricted directory

[root@redhat6 ~]# chmod -R 755 /opt

The owner of the restricted directory must be root and its permissions must not be higher than 755 (the value can be 755 or 750). The ftp user can get files from this directory but cannot put files into it.

3.2 Modify the upload directory permissions

[root@redhat6 ~]# chown user-sftp:user-sftp /opt/AppServer/apache-tomcat-6.0.35/webapps/ROOT/umswav/orgwav/

The owner of the upload directory is changed to the ftp user, so that the user has permission to upload files.
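
A pre-restart check for the rule in step 3.1, as an added example that is not part of the original post: sshd refuses a chroot login unless the ChrootDirectory and every directory above it is owned by root and not writable by group or others. The function names and the script name check_chroot.sh are hypothetical, and GNU stat (as shipped on RHEL) is assumed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage (hypothetical script name), run as root before restarting sshd:
#   sh check_chroot.sh /opt/AppServer/apache-tomcat-6.0.35/webapps/ROOT/umswav

# check_dir DIR OWNER_UID
# Succeeds only if DIR is a directory owned by OWNER_UID and is not
# writable by group or others (mode such as 755 or 750).
check_dir() {
    dir=$1; want_uid=$2
    [ -d "$dir" ] || return 1
    info=$(stat -c '%u %a' "$dir") || return 1   # GNU stat: "uid octal-mode"
    uid=${info% *}; mode=${info#* }
    [ "$uid" = "$want_uid" ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]                # group/other write bits clear
}

# first_bad_component PATH OWNER_UID
# Walks from PATH up to /, prints the first component that breaks the rule
# and returns 1. Returns 0 if every component passes, 2 on a relative path.
first_bad_component() {
    p=$1
    case $p in
        /*) ;;
        *) echo "absolute path required: $p" >&2; return 2 ;;
    esac
    while :; do
        if ! check_dir "$p" "$2"; then
            printf '%s\n' "$p"
            return 1
        fi
        if [ "$p" = / ]; then return 0; fi
        p=$(dirname "$p")
    done
}

# When called with a path, check it against root (uid 0) unless a uid is given.
if [ $# -ge 1 ]; then
    if first_bad_component "$1" "${2:-0}"; then
        echo "OK: every component of $1 satisfies the chroot rule"
    else
        echo "FAIL: fix owner/mode of the directory printed above" >&2
    fi
fi
```

The upload directory orgwav from step 3.2 is deliberately not checked here: it sits below the chroot and is meant to be owned by user-sftp.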

4. Restart the ssh service

[root@redhat6 ~]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

5. Test

Log in with sftp and test upload, download and the directory restriction.


Origin blog.51cto.com/3241766/2422717