limit ssh file access by user

Asked by fchambers on 2009-01-14

I am trying to setup a place for a limited number of users to remotely share files. How do I limit their visibility of the server to only the home directory of the user set up as the share user? At present when I use ssh to logi in I can access the entire file system with an ftp program. The particular one that I am using is winSCP but general access using putty also allows movement up the directory tree.

What I want to do is limit the specific user to only their home directory and the files contained in it.

Thanks

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu openssh Edit question
Assignee:
No assignee Edit question
Solved by:
Juraj Lukac
Solved:
2009-01-14
Last query:
2009-01-14
Last reply:
2009-01-14
fchambers (frank-fchambers) said : #1

I have set up the user in a separate account and a separate group and unchecked all of the authorizations in the Gnome app. I didn't see any place to limit access.

Best Juraj Lukac (hrasko) said : #2

Hi,
if you want to share files between the users via an FTP server, there are meny FTP servers to choose from. In tha FTP server configuration you set up chrooting users to their homedirs or to the dirs when they have access.
If you want to use WinSCP (or the scp protocol in general) you can set up the scponly shell for the users. See this web page: http://www.sublimation.org/scponly/wiki/index.php/Main_Page .
I have successfully set up this shell so the users can connect via scp protocol (with WinSCP program for example) while they are chrooted onlly to the selected directory.

Hope this helps.

fchambers (frank-fchambers) said : #3

Juraj,

Thanks for the quick response. I am studying the documentation for the
package. It looks like it will work for me.

Thanks again,

Frank

Juraj Lukac wrote:
> Your question #57436 on Ubuntu changed:
> https://answers.launchpad.net/ubuntu/+question/57436
>
> Status: Open => Answered
>
> Juraj Lukac proposed the following answer:
> Hi,
> if you want to share files between the users via an FTP server, there are meny FTP servers to choose from. In tha FTP server configuration you set up chrooting users to their homedirs or to the dirs when they have access.
> If you want to use WinSCP (or the scp protocol in general) you can set up the scponly shell for the users. See this web page: http://www.sublimation.org/scponly/wiki/index.php/Main_Page .
> I have successfully set up this shell so the users can connect via scp protocol (with WinSCP program for example) while they are chrooted onlly to the selected directory.
>
> Hope this helps.
>
>

Are there any other questions you have? If not, please mark this question as solved and select the question that was most helpful in solving it.

fchambers (frank-fchambers) said : #5

Thanks Juraj Lukac, that solved my question.

fchambers (frank-fchambers) said : #6

All set up. Very much appreciate the help.

Thanks

Frank

I think I have the same problem but not sure I understand the solution. I have three clients with access to my OpenSSH SFTP server, each one is directed to their particular folder when they log on. However, if they click the 'up' arrow, they will move up the tree and be able to view the other folders within OpenSSH, including the other two client folders.

Can I limit that access?