Restrict SFTP access to only certain folders within an accessible root folder
In most SSH/SFTP servers (including Bitvise and OpenSSH), each SSH account exactly corresponds to a Windows user account. This means you can implement this using standard Windows file permissions (access rights), and there's no point in trying to find an SFTP-specific solution.
- Remove generic "Users" access from the root folder (will probably need to disable inheritance before doing so);
- Add non-inheritable "Users: Read" access to the root folder, and to the top-level folders;
- Add inheritable "TheSftpUser: Read" access to every subfolder D;
- Add access rights for other users to other folders as necessary.
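The permission steps above, written out with icacls in PowerShell as an added example (not part of the original answer). The root path C:\SftpRoot is an assumption, and the final loop is an added check that the folders other than D no longer allow Users, Authenticated Users or Everyone.

```powershell
# Added example. Run elevated. Paths and names below are assumptions.
$Root     = 'C:\SftpRoot'      # assumed SFTP root folder
$Entities = 'A', 'B', 'C'      # entity folders from the question
$Allowed  = 'D'                # only subfolder the SFTP user may enter
$SftpUser = 'TheSftpUser'      # Windows account behind the SFTP login
$Users    = '*S-1-5-32-545'    # BUILTIN\Users by well-known SID

function Invoke-Icacls {
    # Stop on the first icacls failure so the ACLs are not left half-applied.
    & icacls.exe @args | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed: $args" }
}

# 1. Disable inheritance on the root (keeping copies of the inherited
#    entries), then remove the generic Users entries.
Invoke-Icacls $Root /inheritance:d
Invoke-Icacls $Root /remove:g $Users

# 2. Non-inheritable read for Users on the root and the top-level folders.
#    No (OI)/(CI) flags means "this folder only"; (RX) is read and execute,
#    which covers listing and traversing a folder.
Invoke-Icacls $Root /grant "${Users}:(RX)"
foreach ($e in $Entities) {
    Invoke-Icacls (Join-Path $Root $e) /grant "${Users}:(RX)"
}

# 3. Inheritable read for the SFTP account on every subfolder D.
foreach ($e in $Entities) {
    $d = Join-Path (Join-Path $Root $e) $Allowed
    Invoke-Icacls $d /grant "${SftpUser}:(OI)(CI)(RX)"
}

# Added check: warn if a sibling of D still allows a broad group
# (Users, Authenticated Users, Everyone).
$Broad = 'S-1-5-32-545', 'S-1-5-11', 'S-1-1-0'
foreach ($e in $Entities) {
    Get-ChildItem (Join-Path $Root $e) -Directory |
        Where-Object Name -ne $Allowed |
        ForEach-Object {
            $dir = $_.FullName
            $hits = (Get-Acl $dir).Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $Broad -contains $_.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            }
            if ($hits) { Write-Warning "$dir still allows a broad group" }
        }
}
```

The last step of the answer (rights for other users on other folders) depends on the site and is not shown.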
user1173240
Updated on September 18, 2022
Comments
- user1173240 over 1 year

Within my SFTP server, I intend to have a root folder, with several folders for separate entities. These entity folders have sub-directories of their own, which pertain to specific functions.

E.g. User logs into an SFTP session and can see folders A, B and C. Within each folder, are folders D, E and F.

I'd like the SFTP user to only be allowed to access folder D within A, B and C. Folders E and F across A, B and C are not intended for access by said user. Only one user is expected to be using SFTP.

I've looked at the sshd_config file, but I am not sure how this can be enforced using existing policies. Perhaps I can set a user / group policy to this end in Windows 10, but would it apply to the sshd daemon?