Create a group for collaborative users.
[root@fileserver-01 ~]# groupadd -g 1501 dev
Create 3 collaborative users with dev as their supplementary group and /sbin/nologin as their login shell, to deny them shell access.
[root@fileserver-01 ~]# useradd -u 1001 -G dev -s /sbin/nologin ahmer
[root@fileserver-01 ~]# useradd -u 1002 -G dev -s /sbin/nologin mansoor
[root@fileserver-01 ~]# useradd -u 1003 -G dev -s /sbin/nologin danish
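Set the home directories of these users to /common. After the chroot is applied, sshd changes to the user's home directory inside it, so this path resolves to /chroot/sftp/common.
[root@fileserver-01 ~]# usermod -d /common ahmer
[root@fileserver-01 ~]# usermod -d /common mansoor
[root@fileserver-01 ~]# usermod -d /common danish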
Set passwords for the users.
[root@fileserver-01 ~]# echo 123 | passwd ahmer --stdin
Changing password for user ahmer.
passwd: all authentication tokens updated successfully.
[root@fileserver-01 ~]# echo 123 | passwd mansoor --stdin
Changing password for user mansoor.
passwd: all authentication tokens updated successfully.
[root@fileserver-01 ~]# echo 123 | passwd danish --stdin
Changing password for user danish.
passwd: all authentication tokens updated successfully.
[root@fileserver-01 ~]#
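Create a directory for collaboration and adjust its permissions according to the requirement: the chroot directory itself is read-only (sshd requires it to be owned by root and not writable by any other user or group), and the shared directory is group-writable with the setgid bit so that new files inherit the dev group.
[root@fileserver-01 ~]# mkdir -p /chroot/sftp
[root@fileserver-01 ~]# chmod 555 /chroot/sftp
[root@fileserver-01 ~]# mkdir /chroot/sftp/common/
[root@fileserver-01 ~]# chgrp dev /chroot/sftp/common/
[root@fileserver-01 ~]# chmod 2775 /chroot/sftp/common/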
Configure the sshd service to handle the collaborative users.
[root@fileserver-01 ~]# vi /etc/ssh/sshd_config
Search for the following line and comment it out.
#Subsystem sftp /usr/libexec/openssh/sftp-server
Add the following lines at the end of /etc/ssh/sshd_config.
Subsystem sftp internal-sftp
Match Group dev
X11Forwarding no
AllowTCPForwarding no
ChrootDirectory /chroot/sftp/
ForceCommand internal-sftp -u 007
We have set the umask to 007 to restrict other users from accessing our files.
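An added example (not part of the original page): a POSIX shell function that audits the Match Group block configured above, including the case where a typographic dash pasted from a web page replaces the ASCII hyphen in -u 007. The function names audit_sftp_match and sample are hypothetical, and the sample configuration is constructed from the lines above.

```sh
#!/bin/sh
# Added example, not from the original page: audit one "Match Group" block.
# audit_sftp_match FILE GROUP prints FAIL lines and returns 1 on any finding.
# Simplification: only the single-criterion "Match Group <name>" form is handled,
# and every setting is expected inside the block, as in the configuration above.
audit_sftp_match() {
    LC_ALL=C awk -v grp="$2" '
        function fail(msg) { print "FAIL: " msg; bad = 1 }
        /^[ \t]*(#|$)/ { next }                     # comments and blank lines
        { key = tolower($1) }                       # keywords are case-insensitive
        key == "match" {                            # block ends at next Match or EOF
            inblk = (tolower($2) == "group" && $3 == grp)
            if (inblk) seen = 1
            next
        }
        !inblk { next }
        # sshd keeps the first value it obtains for a keyword
        key == "chrootdirectory"    && chroot == "" { chroot = $2 }
        key == "allowtcpforwarding" && tcp == ""    { tcp = tolower($2) }
        key == "x11forwarding"      && x11 == ""    { x11 = tolower($2) }
        key == "forcecommand"       && force == ""  {
            sub(/^[ \t]*[^ \t]+[ \t]+/, ""); force = $0   # keep the arguments
        }
        END {
            if (!seen) { fail("no Match Group block for " grp) }
            else {
                if (chroot == "" || chroot == "none") fail("ChrootDirectory is not set")
                if (force !~ /^internal-sftp([ \t]|$)/) fail("ForceCommand is not internal-sftp")
                if (force ~ /[^ -~]/) fail("ForceCommand has a character outside printable ASCII")
                if (force !~ /[ \t]-u[ \t]+[0-7]+/) fail("internal-sftp has no -u umask")
                if (tcp != "no") fail("AllowTcpForwarding is not set to no in this block")
                if (x11 != "no") fail("X11Forwarding is not set to no in this block")
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the Match block from this page; $1 is the dash before "u 007".
sample() {
    printf "Match Group dev\nX11Forwarding no\nAllowTCPForwarding no\nChrootDirectory /chroot/sftp/\nForceCommand internal-sftp ${1}u 007\n"
}

tmp=$(mktemp)
for dash in '-' '\342\200\223'; do    # ASCII hyphen, then U+2013 as UTF-8 octal
    sample "$dash" > "$tmp"
    audit_sftp_match "$tmp" dev && echo "OK: block is locked down"
done
rm -f "$tmp"
```

The audit only reads the file it is given; sshd -t checks the syntax of the live configuration before the service is restarted.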