
I am trying to create an SFTP server which will be backed by S3. I have already succeeded in installing vsftpd and s3fs, linked them and things are working just fine.

Requirements:

  1. An FTP server will have more than one user, and each user will have different S3 buckets linked to their FTP folder. [done]

    Approach: Created two different users (say user1 & user2), and mounted buckets to their home directory.

  2. One user should not be able to view folders and files of other users.

    Approach: Since I created two different users, I thought the access would be restricted. But it looks like when I mount a bucket using s3fs, it changes the access of the folder to 777.

Now the issue is, I can't restrict my users from accessing files of other users. My /etc/vsftpd.conf looks like this:

```
ftpd_banner=Welcome to Dave's FTP service.

# Now restrict users to their home directories:
chroot_local_user=YES
allow_writeable_chroot=YES
```

I have seen and tried issues like this, this and this. These didn't help, so please think again before marking it as a duplicate.

Dave Ranjan
  • Side comment: FTP is a rather outdated technology. Uploading & Downloading direct to S3 would provide a more scalable and available solution, without the need for a server. For example, they could use a web page or the [AWS Command-Line Interface (CLI)](http://aws.amazon.com/cli/) to transfer files. It would also provide full security capabilities. – John Rotenstein May 01 '17 at 09:13
  • You have given each user a different home directory, correct? `chroot_local_user` is not about permissions, it's about not being able to traverse outside your own home directory. You should show some output from an ftp connection to illustrate the bad behavior you observe. Also, as a test, provision some users *not* using s3fs, to verify that vsftpd by itself is working correctly. I don't see how s3fs is going to be directly related to the overall problem. – Michael - sqlbot May 01 '17 at 09:34

1 Answer


You need to create a mount directory inside the user directory, like `/home/user1/mountToS3`, and then restrict that directory using chmod and chown. This should do. Let me know if you find any issue. :)
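
The layout the answer describes, as an added example that is not part of the original answer: the home directory stays outside the s3fs mount, so its mode is what keeps other users out even if the mounted directory itself shows up as 777. The function names, the 750/700 modes and the scratch-directory demo are assumptions made for illustration; `find -perm /007` assumes GNU find.

```bash
#!/bin/sh
# Added example: per-user mount point under the home directory, plus an audit.
# Layout (constructed): <base>/<user>/mountToS3, the directory name used in the answer.

# lock_down_mount BASE USER
# Creates BASE/USER/mountToS3 and strips all access for "other" on both levels.
lock_down_mount() {
    local base="$1" user="$2"
    local home="$base/$user" mnt="$base/$user/mountToS3"
    mkdir -p "$mnt"
    # chown needs root and an existing account; skipped otherwise so the
    # function can be tried in a scratch directory.
    if [ "$(id -u)" -eq 0 ] && id "$user" >/dev/null 2>&1; then
        chown "$user:" "$home" "$mnt"   # "user:" = owner plus that user's login group
    fi
    chmod 750 "$home"   # no "other" bits: other users cannot enter the home
    chmod 700 "$mnt"    # applies until the bucket is mounted on top of it
    # Assumption: the bucket is then mounted on $mnt, e.g. with s3fs's
    # uid=, gid= and umask= options so the files map to the FTP user.
}

# audit_homes BASE
# Prints every home directory directly under BASE that grants any read, write
# or execute bit to "other". Returns 1 if one is found, 0 otherwise.
audit_homes() {
    local base="$1" found
    found=$(find "$base" -mindepth 1 -maxdepth 1 -type d -perm /007)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Demo on a scratch directory (constructed layout, no real users or buckets).
scratch=$(mktemp -d)
lock_down_mount "$scratch" user1
mkdir "$scratch/user2" && chmod 777 "$scratch/user2"   # mimics the 777 home from the question
audit_homes "$scratch" || echo "the directories listed above are open to other users"
rm -rf "$scratch"
```

Running `audit_homes /home` after every mount or remount catches the case from the question, where the bucket was mounted directly on the home directory and its mode became 777.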