Restrict SFTP access to only certain folders within an accessible root folder


In most SSH/SFTP servers (including Bitvise and OpenSSH), each SSH account exactly corresponds to a Windows user account. This means you can implement this using standard Windows file permissions (access rights), and there's no point in trying to find an SFTP-specific solution.

  1. Remove generic "Users" access from the root folder (will probably need to disable inheritance before doing so);
  2. Add non-inheritable "Users: Read" access to the root folder, and to the top-level folders;
  3. Add inheritable "TheSftpUser: Read" access to every subfolder D;
  4. Add access rights for other users to other folders as necessary.
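The four steps above, sketched with `icacls` from an elevated PowerShell prompt. This is an added example, not part of the original answer: the root path `D:\SftpRoot` is a hypothetical placeholder, `TheSftpUser` is the account name used in the answer, and the folder names A, B, C, D, E, F come from the question.

```powershell
# Assumptions (not from the page): the root path, and an elevated session
# on the machine that hosts the SFTP server.
$Root     = 'D:\SftpRoot'      # hypothetical path
$SftpUser = 'TheSftpUser'      # account name used in the answer
$Entities = 'A', 'B', 'C'      # top-level folders from the question
$Allowed  = 'D'                # the only subfolder the user may enter

# Step 1: stop inheriting from the parent (existing inherited ACEs are
# copied as explicit ones), then remove the generic Users grant.
icacls $Root /inheritance:d
icacls $Root /remove:g 'BUILTIN\Users'

# Step 2: Users may read the root and each top-level folder. The ACE has
# no (OI)/(CI) flags, so it is not inherited by D, E, F or anything below.
icacls $Root /grant 'BUILTIN\Users:(R)'
foreach ($e in $Entities) {
    icacls (Join-Path $Root $e) /grant 'BUILTIN\Users:(R)'
}

# Step 3: inheritable read access for the SFTP account on every D folder.
# ${SftpUser} needs braces, otherwise "$SftpUser:" parses as a scoped name.
foreach ($e in $Entities) {
    $d = Join-Path (Join-Path $Root $e) $Allowed
    icacls $d /grant "${SftpUser}:(OI)(CI)(R)"
}

# Step 4 (grants for other users on E and F) depends on who needs them.

# Check: print the resulting ACLs. E and F should list neither the SFTP
# account nor any group it is a member of; an ACE left behind for such a
# group would still let the account in.
foreach ($e in $Entities) {
    foreach ($sub in 'D', 'E', 'F') {
        icacls (Join-Path (Join-Path $Root $e) $sub)
    }
}
```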


Author: user1173240

Updated on September 18, 2022

Comments

  • user1173240 over 1 year

    Within my SFTP server, I intend to have a root folder, with several folders for separate entities. These entity folders have sub-directories of their own, which pertain to specific functions.

    E.g. User logs into an SFTP session and can see folders A, B and C. Within each folder are folders D, E and F.

    I'd like the SFTP user to only be allowed to access folder D within A, B and C. Folders E and F across A, B and C are not intended for access by said user. Only one user is expected to be using SFTP.

    I've looked at the sshd_config file, but I am not sure how this can be enforced using existing policies. Perhaps I can set a user / group policy to this end in Windows 10, but would it apply to the sshd daemon?