Goal: I would like to create directory rights so that a specific manager user is able to access everything on /data and its child folders, but employees are able to access only the Employee folder. This is Red Hat. This is SFTP access. The Employee user's home directory is /parent/Employee. He should upload files only there.

I have done the following:

1) mkdir /parent
2) mkdir /parent/Employee
3) mkdir /parent/Manager

The problem now is that everybody can access the /Parent and /Manager directories and their contents. User Employee should be able to access only the Employee directory and its contents. What to do?

Keke
  • How are they accessing the directory? Are they logged in on the server, mounting it over NFS or samba, connecting via SSH or SFTP... In all these cases there are options, but knowing exactly what the use case is will help us give a good answer. – Jenny D May 30 '18 at 06:21
  • This is SFTP access. The Employee user's home directory is /parent/Employee. He should upload files only there. – Keke May 30 '18 at 06:27
  • Then what you need to do is to set up chroot configuration in your sshd config. Look at https://serverfault.com/questions/656753/configuring-chroot-for-sftp-users to start with. If you can't make it work, you can add your SSHD configuration to the question and explain what went wrong and how. – Jenny D May 30 '18 at 06:42
  • Possible duplicate of [Configuring Chroot for SFTP Users](https://serverfault.com/questions/656753/configuring-chroot-for-sftp-users) – Jenny D May 30 '18 at 09:28
  • I'm voting to close this as a duplicate. That means that the question will be put on hold for a while. If you can't solve this using the linked question, you can edit the question again, including your config and log messages and what went wrong, and then the question will be put in a queue for reopening. Good luck! – Jenny D May 30 '18 at 09:29

2 Answers

You can set ownership permissions on folders as mentioned below.

Create two user groups for employees and managers, and add the respective users to the respective groups.

Set ownership permissions as below:

chown -R owner-user:owner-group directory

(how to use chown)

You can also use setfacl to set permissions on folders (how to use setfacl).

You can allow access for Employees and Managers to the Employee folder and add only the manager group to the Manager folder; doing this should solve your issue.

Vijay Muddu

Try:

chmod o-rw /parent
chmod o-rw /parent/Manager
chmod o-rw /data

This takes away read and write on the directory, but leaves the x bit. This means that you are still allowed to see /parent/Employee if you know the path name. You don't necessarily need chroot.

kubanczyk
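As an added example (not code from either answer): the script below builds a constructed copy of the /parent layout in a scratch directory and lists which directories still grant a permission bit to "other" after `chmod o-rw` compared with `chmod o-rwx`. The helper names (`audit_other_access`, `other_can_traverse`, `make_demo_tree`) are hypothetical, and it assumes GNU `stat` as shipped on Red Hat.

```shell
#!/bin/sh
# Added example: compare the answer's "chmod o-rw" with "chmod o-rwx"
# on a constructed copy of the question's layout (scratch dir, no root).

# List directories under $1 where "other" still holds r, w or x.
audit_other_access() {
    find "$1" -type d \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec stat -c '%A %n' {} +
}

# Succeeds if "other" holds the search (x) bit on directory $1,
# i.e. may still traverse it and open entries by exact name.
other_can_traverse() {
    [ -n "$(find "$1" -prune -perm -001)" ]
}

# Constructed tree mirroring /parent/Employee and /parent/Manager.
make_demo_tree() {
    demo_root=$(mktemp -d) || return 1
    mkdir -p "$demo_root/parent/Employee" "$demo_root/parent/Manager"
    chmod 755 "$demo_root/parent" "$demo_root/parent/Employee" \
        "$demo_root/parent/Manager"
    printf '%s\n' "$demo_root"
}

demo() {
    root=$(make_demo_tree) || return 1
    chmod o-rw "$root/parent" "$root/parent/Manager"
    echo "after chmod o-rw (x bit remains on parent and Manager):"
    audit_other_access "$root/parent"
    chmod o-rwx "$root/parent/Manager"
    echo "after chmod o-rwx on Manager:"
    audit_other_access "$root/parent"
    rm -rf "$root"
}

demo
```

Running the same `audit_other_access` function against the real /parent tree shows at a glance which directories users outside the owning group can still enter.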