I've set up an Ubuntu 16.04.5 LTS server on the internet for my organization's use when sharing large files. The only access to the server is ssh or sftp.
I've created chrooted directories based on group names for the departments that need to share files. Each group has its own directory, which acts as its root directory under which they can create as many directories as needed to organize their files. The configuration for this is in my /etc/ssh/sshd_config file, and the groups are working properly. All permissions for the directories are handled by standard Linux permissions. The pertinent part of my sshd config is:
    # Applies to members of the named group only
    Match Group sftp
        # Chroot root; sshd requires this path to be root-owned and not group/world-writable
        ChrootDirectory /sftp/Sales
        PermitTunnel no
        AllowAgentForwarding no
        AllowTCPForwarding no
        X11Forwarding no
        # In-process SFTP server, so no shell or binaries are needed inside the chroot
        ForceCommand internal-sftp
This config is repeated for each chroot group.
My difficulty is trying to make the Linux permissions fit so that I can have some users in the same group that have read/write access and other users that have read-only access. For example:
I have a group called Sales. I need 3 users in the Sales group to be able to both read and write in the Sales chroot directory tree. I need 2 other members of Sales who have read permissions only. Since all 5 users are members of the Sales group in order to match the user to the Sales chroot directory, how do I specify per-user permissions? I also want the read-only users to be able to upload files in a special folder in the directory tree labeled dropbox.
Can this be accomplished using the sshd config and standard Linux permissions?
Thank you
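One way to get per-user read/write versus read-only inside a single chroot with nothing but ownership, mode bits and a second group, shown as an added example that is not part of the original post. It assumes a group `sales` (all five users) plus a group `sales-rw` (the three writers), a tree under `/sftp/Sales`, and `ForceCommand internal-sftp -u 002` so that files the writers upload are group-writable; every one of those names and flags is an assumption, not something from the question.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): one chroot, two levels of access.
#
# Assumed layout, ownership and modes:
#   /sftp/Sales          root:root      0755  ChrootDirectory itself; sshd refuses it unless it is
#                                             root-owned and not group/world-writable, so nobody
#                                             can write here and all data lives one level down
#   /sftp/Sales/shared   root:sales-rw  2775  writers get rwx via the group, read-only members of
#                                             "sales" get r-x via "other"; setgid keeps the group
#   /sftp/Sales/dropbox  root:sales     3770  every member of "sales" may upload; sticky bit stops
#                                             uploaders from deleting each other's files
#
# Assumed sshd_config for this group (in place of the snippet in the question):
#   Match Group sales
#       ChrootDirectory /sftp/Sales
#       ForceCommand internal-sftp -u 002   # umask 002: uploads are group-writable for sales-rw
#       ... (PermitTunnel no, AllowAgentForwarding no, AllowTCPForwarding no, X11Forwarding no)
set -eu

# Create the tree. Group names are parameters so the function can be exercised without root;
# in production run it as root with "sales-rw" and "sales", then fix the owner to root.
setup_sales_tree() {
    base=$1; rw_group=$2; all_group=$3
    mkdir -p "$base/shared" "$base/dropbox"
    chmod 0755 "$base"                       # chroot root: nobody but root may write here
    chgrp "$rw_group" "$base/shared"
    chmod 2775 "$base/shared"                # setgid so new files/dirs inherit sales-rw
    chgrp "$all_group" "$base/dropbox"
    chmod 3770 "$base/dropbox"               # setgid + sticky; "other" gets nothing
}

# Returns 0 only if the directory satisfies sshd's ChrootDirectory rule:
# owned by uid 0 and with no group or other write bit (6th and 9th chars of ls-style mode).
check_chroot_dir() {
    dir=$1
    [ "$(stat -c %u "$dir")" -eq 0 ] || return 1
    case $(stat -c %A "$dir") in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# Membership, to be run as root on the real host (assumed user names):
#   groupadd sales-rw
#   for u in alice bob carol; do usermod -aG sales,sales-rw "$u"; done   # read/write
#   for u in dave erin;       do usermod -aG sales "$u";          done   # read-only + dropbox
#
# Typical production invocation (as root):
#   setup_sales_tree /sftp/Sales sales-rw sales && chown root:root /sftp/Sales \
#       && check_chroot_dir /sftp/Sales && echo "chroot root is acceptable to sshd"
```

The read-only users never need a special group: they read `shared` through the "other" bits, which is safe only because the chroot means nobody outside `sales` can reach that path and the server has no shell users. Without the `-u 002` umask the writers' uploads land as 0644 and a second writer cannot modify them. The setgid bit on `shared` is what stops new subdirectories from falling back to the uploader's primary group and silently locking the other writers out.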