How to stop linux user even being able to list other user's directories

I'm building an sFTP solution but I can't stop group1user from seeing or more exactly listing group2user's directories. I've configured it so that group1user can't actually get into group2user's directories but they can actually see the directory name when they connect via FileZilla.

File structure =

         /upload/group1Directory

         /upload/group2Directory

dave is the owner and can see and enter both group1Directory and group2Directory

The current permissions look like this

```
rwxr-xr-x.   4 root root          46 Feb 17 09:55 upload

drwxr-x---. 2 dave group1     60 Feb 17 11:09   group1Directory
drwxr-x---. 2 dave group2     61 Feb 17 11:09   group2Directory
```

the sshd_config looks like this

```
Match User dave
        ForceCommand internal-sftp -u 0002
        #PasswordAuthentication yes
        ChrootDirectory /upload
        PermitTunnel no
        AllowAgentForwarding yes
        AllowTcpForwarding yes
        X11Forwarding yes
        PubkeyAuthentication yes

Match User group1user
        ForceCommand internal-sftp -u 0002
        #PasswordAuthentication yes
        ChrootDirectory /upload
        PermitTunnel no
        AllowAgentForwarding yes
        AllowTcpForwarding yes
        X11Forwarding yes
        PubkeyAuthentication yes

Match User group2user
        ForceCommand internal-sftp -u 0002
        #PasswordAuthentication yes
        ChrootDirectory /upload
        PermitTunnel no
        AllowAgentForwarding yes
        AllowTcpForwarding yes
        X11Forwarding yes
        PubkeyAuthentication yes
```

Any ideas how I can hide group2user's directory from group1user? ...and vice versa? Any help very gratefully received.

pa4080
Isn't it possible to `ChrootDirectory /upload/group1Directory` and respectively `ChrootDirectory /upload/group2Directory`? Also `dave` could be a member of both groups and the directories could have the [setgid](https://www.geeksforgeeks.org/setuid-setgid-and-sticky-bits-in-linux-file-permissions/) bit enabled: `chmod g=rws group1Directory/ group2Directory/`.

Jeff
Do you want them to not view any directories at all, or be able to access their own? Either way, here is a similar question that could have some insight. https://superuser.com/questions/161187/how-can-i-prevent-other-users-from-seeing-the-contents-of-my-home-directory

pa4080
Also [`Match Group`](https://unix.stackexchange.com/a/137430/201297) can be a more flexible way to define chroot.

Ray
The members of one group cannot enter the directory of the other group. But you don't want them to see the directory name at all? Is there a reason for this? Perhaps you can explain why you want to do this since most people don't mind as long as they can't get in. Maybe it'll make it easier for someone to help you?
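
Added example (not part of the thread): sshd_config(5) requires every component of a `ChrootDirectory` path to be a root-owned directory that is not writable by group or others, so the per-group chroot suggested in the comments needs a root-owned directory with a writable subdirectory inside it. This Python check applies that rule to constructed stat data modelled on the question's listing; uid 1000 for `dave` and the `/jail/...` layout are assumptions.

```python
import os
import stat
from types import SimpleNamespace


def chroot_problems(path, stat_fn=os.stat):
    """Return the reasons sshd would reject `path` as a ChrootDirectory.

    Walks from `path` up to "/" and checks each component: it must be a
    directory, owned by root, and not writable by group or others.
    """
    problems = []
    current = os.path.normpath(path)
    while True:
        st = stat_fn(current)
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{current}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{current}: owned by uid {st.st_uid}, not root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{current}: writable by group or others")
        if current == os.path.dirname(current):  # reached "/"
            break
        current = os.path.dirname(current)
    return problems


def _d(uid, mode):
    # Constructed stat result for a directory.
    return SimpleNamespace(st_uid=uid, st_mode=stat.S_IFDIR | mode)


# Constructed sample data. uid 1000 for dave is an assumption.
SAMPLE = {
    "/": _d(0, 0o755),
    "/upload": _d(0, 0o755),                     # current shared chroot
    "/upload/group1Directory": _d(1000, 0o750),  # as posted: dave:group1
    "/jail": _d(0, 0o755),                       # hypothetical layout
    "/jail/group1": _d(0, 0o755),                # root-owned chroot target
    "/jail/group1/files": _d(1000, 0o2770),      # writable, setgid, inside it
}


def sample_stat(path):
    return SAMPLE[path]


if __name__ == "__main__":
    for p in ("/upload", "/upload/group1Directory", "/jail/group1"):
        print(p, chroot_problems(p, sample_stat) or "OK")
```

Calling `chroot_problems(path)` without `stat_fn` runs the same check against the real filesystem.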