Score:0

Restrict user's access to only one directory


ServerA needs to have a directory of ServerB mounted in a location, with write permissions.

I've been using SSHFS for this. I find SSHFS to be very stable (100% reliable), while NFS was not so stable, besides being really hard to configure, and by default exposed to the public, etc.

With SSHFS, I had to create a local user on ServerB, and put its private key on ServerA, to set up the mounts.

However, if someone ever hacks into ServerA, the hacker will be able to access any directory/file that may have 'other' read permissions anywhere on ServerB, by logging into ServerB with that user and its private key.

Is there any way to prevent this, so that the ONLY directory that this user can access is the directory that needs to be mounted on ServerA?

Score:1

Configure the SSH server to put the user and their files into a restrictive chroot. If using OpenSSH, probably with the directives ChrootDirectory and ForceCommand internal-sftp.

NFS requires defining exported volumes, and is not a remote shell. In those respects it fits your file share scenario well. While NFS can be encrypted, usually it is not, so for security reasons it is generally confined to a private network.

Both will result in a bad performance experience if the network drops or the remote goes away unexpectedly.
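
A sketch of the OpenSSH setup the answer above points to, added here as an example and not part of the original answer. The user name sshfsuser and the paths /srv/sshfs-jail and /share are assumptions chosen for illustration.

```conf
# /etc/ssh/sshd_config on ServerB (added example; user name and paths are assumptions)
# Put this block at the end of the file: a Match block runs until the next
# Match line or the end of the file.
#
# Directory layout this block expects, prepared once as root:
#   /srv/sshfs-jail         owner root:root, mode 0755  (the chroot itself)
#   /srv/sshfs-jail/share   owner sshfsuser, mode 0750  (the only writable area)
# sshd refuses the login if the ChrootDirectory or any parent of it is
# writable by anyone other than root, so the writable directory has to be
# a subdirectory inside the chroot.

Match User sshfsuser
    # After authentication the session sees /srv/sshfs-jail as "/".
    ChrootDirectory /srv/sshfs-jail
    # No shell and no arbitrary commands: only the in-process SFTP server,
    # starting in the writable subdirectory.
    ForceCommand internal-sftp -d /share
    # Key-only login for this account.
    PasswordAuthentication no
    # Close the other channels a stolen key could otherwise use.
    PermitTTY no
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no

# Check the syntax before reloading sshd:  sshd -t
# ServerA then mounts sshfsuser@ServerB:/share with SSHFS.
```

With this in place, a private key taken from ServerA only opens an SFTP session confined to /srv/sshfs-jail, so files elsewhere on ServerB with 'other' read permission are out of reach for that account.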
