08-09-2012 09:09 AM
Need to tune SFTP access
Hello Gurus,
I have a requirement for tuning SFTP access.
Is it possible to restrict the rmdir & rm commands when used via SFTP?
Read/write access is needed, but not rm & rmdir access. Could you please help me?
Server is 11.23
Rgds
Sree
- Tags:
- sftp
08-10-2012 01:24 AM
Re: Need to tune SFTP access
The SFTP server that is included with the standard HP SSH does not allow restricting individual SFTP commands.
But if you set "chmod +t" on a directory, it will restrict file deletion within that directory: in a chmod +t directory, you must be the owner of the file or the owner of the directory in order to be able to delete a file, even if you have write access to the directory. This feature is often used in /tmp and/or /var/tmp, but you can use it in any directory if you find it useful.
- Tags:
- sticky bit
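The sticky-bit rule from the reply above, modelled as an added example (it is not part of the original post or of HP-UX): it decides whether a given uid may remove a file from a directory, with and without `chmod +t`. The uids, the `St` tuple and the function names are assumptions of the example, and ACLs are ignored.

```python
import os
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result so the rule can be exercised without root.
St = namedtuple("St", "st_mode st_uid st_gid")

def may_unlink(dir_st, file_st, uid, gids=()):
    """Return True if `uid` may remove a file from the directory.

    Models classic UNIX mode bits only (no ACLs), an assumption of this example.
    """
    if uid == 0:
        return True                      # superuser is not restricted
    if uid == dir_st.st_uid:
        perms = (dir_st.st_mode >> 6) & 7
    elif dir_st.st_gid in gids:
        perms = (dir_st.st_mode >> 3) & 7
    else:
        perms = dir_st.st_mode & 7
    if perms & 0o3 != 0o3:               # need write and search on the directory
        return False
    if dir_st.st_mode & stat.S_ISVTX:    # chmod +t: only file or directory owner
        return uid in (file_st.st_uid, dir_st.st_uid)
    return True

def deletable_by(directory, uid, gids=()):
    """List entries in a real directory that `uid` could remove."""
    dir_st = os.stat(directory)
    return sorted(
        name for name in os.listdir(directory)
        if may_unlink(dir_st, os.lstat(os.path.join(directory, name)), uid, gids)
    )

# Constructed sample: root-owned drop directory, two uploaders (uids are made up).
STICKY_DIR = St(stat.S_IFDIR | 0o1777, 0, 0)
PLAIN_DIR = St(stat.S_IFDIR | 0o0777, 0, 0)
ALICE_FILE = St(stat.S_IFREG | 0o644, 2001, 100)

if __name__ == "__main__":
    for label, d in (("plain", PLAIN_DIR), ("sticky", STICKY_DIR)):
        print(label, "other user 2002:", may_unlink(d, ALICE_FILE, 2002),
              "| owner 2001:", may_unlink(d, ALICE_FILE, 2001))
```

The owner check is per uid, so the rule only separates users who log in under different accounts.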
08-10-2012 02:32 AM
Re: Need to tune SFTP access
Hi Matti,
Thanks for the help.
My requirement is that even the owner is not supposed to delete a file via sftp!
I know it is strange... The scenario is many users are using the common account which is via sftp.
Rgds
Sree
08-10-2012 07:20 AM
Re: Need to tune SFTP access
Looks like the commercial Tectia SSH server (from ssh.com) is somewhat more configurable, but unfortunately it does not have the ability to restrict individual SFTP commands either.
In theory, you might get the OpenSSH / HP SSH source code, modify the sftp-server component source code to disable the commands you don't want, and compile a custom sftp-server component for your use. Of course, the requirement for this would be that you or someone else in your organization knows how to program in C.
You would also have to modify the sftp-server component to prevent the overwriting of existing files, since overwriting a file with different contents is probably just as bad as deleting it. Right?
This kind of setup would also assume that the users never make mistakes and the network never fails in mid-transfer. In my experience, that assumption is rather unrealistic. If the users cannot delete or overwrite any files, they would have to ask someone else to fix it every time they transfer a wrong file or the transmission is interrupted by a network failure.
>... many users are using the common account which is via sftp.
This is probably the true cause for your problems.
Is it really impossible to assign a separate account for each user?