I would like to create two levels of users to restrict SFTP access: "parent" users, and "child" users.

I need the parent users to be able to access all the directories owned by the children, but the children should only be able to use their own directories.

How do I do this on CentOS 6?

HopelessN00b

1 Answer

Since SFTP is just FTP over SSH, you should be able to do this using user home directories and groups. If you created 3 users:

parent
childone
childtwo

You could set their home directories to a structure like this:

/home/parent
/home/parent/childone
/home/parent/childtwo

With permissions:

#> chmod -R 771 /home/parent
#> chown parent:testftp /home/parent
#> chown childone:testftp /home/parent/childone
#> chown childtwo:testftp /home/parent/childtwo

Now, if the parent user is in the testftp group, and the children aren't, the parent should be able to read and write files in their home directories, but the children can only modify their own.

I've just given this some quick testing on my box, and it appears to work fine. Give me a minute and I'll post the full commands to set up.

Full command output:

$> sudo -i
#> mkdir -p /home/parent/{childone,childtwo}
#> groupadd testftp
#> useradd -d /home/parent -M -G testftp parent
#> useradd -d /home/parent/childone -M childone
#> useradd -d /home/parent/childtwo -M childtwo
#> chmod -R 771 /home/parent/
#> chown parent:testftp /home/parent
#> chown childone:testftp /home/parent/childone
#> chown childtwo:testftp /home/parent/childtwo

Appears to work for me!

shearn89
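An added check for the layout in the answer above (not part of the original answer): the function audits the mode bits under the parent directory and flags entries that others can read or write, since mode 771 leaves the traverse bit set for every local account. It assumes GNU find, as shipped on CentOS; the function name and the finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit a parent/child SFTP tree laid out as in the answer
# (/home/parent/<child>, directories at mode 771, group = the parent's group).
# Usage: audit_sftp_tree /home/parent
# Prints one finding per line; returns 0 when clean, 1 when anything is
# flagged, 2 when the argument is not a directory.
audit_sftp_tree() {
    parent_dir=$1
    if [ ! -d "$parent_dir" ]; then
        echo "ERROR not a directory: $parent_dir"
        return 2
    fi

    findings=$(
        # 1. Parent or child directories that others can list or write to.
        #    771 grants others only "x" (traverse); r or w here is drift.
        find "$parent_dir" -maxdepth 1 -type d \( -perm -004 -o -perm -002 \) \
            -exec printf 'DIR_OPEN_TO_OTHERS %s\n' {} \;

        # 2. Child directories where the group lacks rwx: the parent user
        #    (a member of that group) could not read and write there.
        find "$parent_dir" -mindepth 1 -maxdepth 1 -type d ! -perm -070 \
            -exec printf 'DIR_GROUP_NOT_RWX %s\n' {} \;

        # 3. Anything inside a child directory that others can read or write.
        #    Because every directory keeps "x" for others, such an entry is
        #    reachable by any local account that knows its full path.
        find "$parent_dir" -mindepth 2 ! -type l \( -perm -004 -o -perm -002 \) \
            -exec printf 'ENTRY_OPEN_TO_OTHERS %s\n' {} \;
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Files uploaded with a default umask of 022 come out as 644 and trip check 3; a umask of 007 for the SFTP accounts keeps new files within owner and group.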