linux – SFTP文件限制

前端之家收集整理的这篇文章主要介绍了linux – SFTP文件限制前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
是否可以在 Linux上使用SFTP并将用户帐户限制为一个目录,以便不能获得其他目录列表?是的,我必须使用SFTP,FTP仅供喜欢被黑客攻击的人使用.

例如,我希望有人修改/ var / www / code /中的文件,但我不希望他们能够修改其他任何内容.我甚至不希望他们看到内容/ tmp /.

(只要它是安全的,我会接受“快速而肮脏”的解决方案.)

解决方法

从sshd_config手册页:
ChrootDirectory
             Specifies a path to chroot(2) to after authentication.  This
             path,and all its components,must be root-owned directories that
             are not writable by any other user or group.  After the chroot,sshd(8) changes the working directory to the user's home directo-
             ry.

             The path may contain the following tokens that are expanded at
             runtime once the connecting user has been authenticated: %% is
             replaced by a literal '%',%h is replaced by the home directory
             of the user being authenticated,and %u is replaced by the user-
             name of that user.

             The ChrootDirectory must contain the necessary files and directo-
             ries to support the user's session.  For an interactive session
             this requires at least a shell,typically sh(1),and basic /dev
             nodes such as null(4),zero(4),stdin(4),stdout(4),stderr(4),arandom(4) and tty(4) devices.  For file transfer sessions using
             ``sftp'',no additional configuration of the environment is nec-
             essary if the in-process sftp server is used,though sessions
             which use logging do require /dev/log inside the chroot directory
             (see sftp-server(8) for details).

             The default is not to chroot(2).
原文链接:https://www.f2er.com/linux/396736.html

猜你在找的Linux相关文章