"Andrew Schulman" <(E-Mail Removed)> wrote in message
news:bq4g12$1tsh3t$(E-Mail Removed)...
> <posted & mailed>
>
> > I'm using RH9 with openssh-3.5p1-6. My Linux box provides sftp service. Is
> > there a way to prevent sftp users from using "rm" command? The users are
> > allowed to upload files so I can't disable the write permission on the
> > disk.
>
> One solution would be to provide a single "upload" directory, where users
> can upload their files. Someone with enough authority can move them later
> to their proper locations. This directory can be world-writeable, but with
> the sticky bit set (mode 1777) so that only a file's owner (or root) can
> delete it. All other directories can be made non-writeable.
>
> It seems to me that this isn't really an SFTP problem, it's a general
> permissions problem. Once a user is authenticated, they have the same
> permissions as if they were sitting at the console typing "rm". So your
> problem really is: how can you allow your users (regardless of how they've
> signed in) to create new files, but not delete other people's files? The
> sticky bit is a common solution to this problem. See man chmod and search
> for "sticky".
>
> Good luck,
> Andrew.
>
> --
> To reply by email, change "deadspam.com" to "alumni.utexas.net"

Thanks a lot! But the real situation is much more complicated than what I've
posted. I use both vsftpd and sftp (sshd) to provide FTP service. In vsftpd,
I use PAM for authentication, so actually all users share a common account
("virtual" account, as in the vsftp sample) on Linux. There's no way to tell
who puts what in the home directory (/home/virtual). Thus in vsftpd I
disallow write operations other than uploading and creating directories.
However, considering some users might want to modify (rename or move) their
uploaded files, I allow them to use sftp (sshd). But I don't want them to
use the sftp command "rm" specifically for the known reason. Is it possible
to get around this? Any help will be greatly appreciated.
FJY
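
The upload-directory layout suggested in the quoted reply (one mode-1777 directory, everything else non-writeable) can be checked with a short audit. This is an added example, not code from either poster. The function name, the sample directory names and the reading of "non-writeable" as "no group or world write bit" are assumptions.

```python
import os
import stat
import tempfile

def audit_upload_layout(root, upload_dir):
    """Return (path, problem) findings for the layout described in the reply."""
    root, upload_dir = os.path.realpath(root), os.path.realpath(upload_dir)
    findings = []
    perms = stat.S_IMODE(os.stat(upload_dir).st_mode)
    if perms & 0o777 != 0o777:
        findings.append((upload_dir, "upload dir not world-writable (want 1777)"))
    if not perms & stat.S_ISVTX:
        findings.append((upload_dir, "sticky bit missing: any user may delete any file"))
    for dirpath, dirnames, _ in os.walk(root):
        if dirpath == upload_dir:
            dirnames[:] = []  # contents of the upload area are not audited
            continue
        # Assumption: "non-writeable" means no group or world write bit.
        if stat.S_IMODE(os.lstat(dirpath).st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((dirpath, "writable by group/other outside upload dir"))
    return findings

if __name__ == "__main__":
    # Constructed sample tree: one correct upload dir, one misconfigured dir.
    base = tempfile.mkdtemp()
    os.chmod(base, 0o755)
    for name, mode in (("upload", 0o1777), ("archive", 0o755), ("shared", 0o777)):
        os.mkdir(os.path.join(base, name))
        os.chmod(os.path.join(base, name), mode)
    for path, problem in audit_upload_layout(base, os.path.join(base, "upload")):
        print(f"{path}: {problem}")
```

The sticky bit keys on file ownership, so when every upload arrives under one shared account, as in the vsftpd virtual-user setup described above, this audit passes while users can still delete each other's files.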