Hi Sheldon, > I've got a server which is only being used for ftp and I've just been asked > to add a new sftp site for a department. I've enabled Shell access but > while testing I can browse the entire system all the way to / and into any > users data. How do I enable sftp access without giving the users full > access to the system?
Yeah, shell access shouldn't be granted to regular users (or siteAdmins). That's way to problematic and has too many security implications. FTP does a chroot. So if a user logs in, he can only see his own files folders. If a siteAdmin FTP's in, he can see pretty much see most of the files and folders that belong to his site. That should be good enough for most. Of course regular FTP is not encrypted. Hence it may not be the most desireable solution. BlueOnyx uses ProFTPd and that indeed does support SFTP. We have it enabled out of the box. Make sure your server is fully updated (one of the recent updates included a newer ProFTPd) and you don't need to do anything special to get SFTP to work. Just connect to the box with an SFTP capable FTP client. If I have to use Windows for FTP (happens rarely enough) I use FlashFXP, which (among other things) supports SFTP. Some clients (like FlahFXP) need to know which "SSL method" or which "SSL authentication method" they should use when they connect to the server. Set this to "Auth SSL" or "Auth TLS", which our ProFTPd supports out of the box. Other than that you don't need to do anything special. -- With best regards Michael Stauber _______________________________________________ Blueonyx mailing list [email protected] http://www.blueonyx.it/mailman/listinfo/blueonyx
