Wildcards

Wildcard-based SFTP chroot jail/access

  • December 19, 2013

I want to give a list of people SFTP access to /webdocs/ABC*, where they would have read/write access only to the directories matching this wildcard. How do I do this? Can I create a chroot jail over SFTP, or use some other method, so that these users can only see/access the wildcard matches?

In the sshd_config file where the sftp facility is set up, you can do the following:

AllowGroups sftponly

Match Group sftponly
   ChrootDirectory /webdocs/ABC
   ForceCommand internal-sftp
   X11Forwarding no
   AllowTcpForwarding no
   PasswordAuthentication yes

I don't believe it does wildcards, so you would have to create separate instances of these rules in the file.

ChrootDirectory

Excerpt from the sshd_config man page

$ man sshd_config
...
ChrootDirectory
        Specifies the pathname of a directory to chroot(2) to after 
        authentication.  All components of the pathname must be root-owned 
        directories that are not writable by any other user or group.  
        After the chroot, sshd(8) changes the working directory to the 
        user's home directory.

        The pathname may contain the following tokens that are expanded at 
        runtime once the connecting user has been authenticated: %% is
        replaced by a literal '%', %h is replaced by the home directory of 
        the user being authenticated, and %u is replaced by the username
        of that user.

        The ChrootDirectory must contain the necessary files and 
        directories to support the user's session.  For an interactive 
        session this requires at least a shell, typically sh(1), and basic 
        /dev nodes such as null(4), zero(4), stdin(4), stdout(4), 
        stderr(4), arandom(4) and tty(4) devices.  For file transfer 
        sessions using “sftp”, no additional configuration of the 
        environment is necessary if the inprocess sftp server is used, 
        though sessions which use logging do require /dev/log inside the 
        chroot directory (see sftp-server(8)
        for details).
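Since ChrootDirectory takes no wildcard, the practical way to follow the answer above is to generate one Match block per directory that matches /webdocs/ABC* and to check each one against the man page's ownership rule before it goes live. The script below is an added example, not part of the original answer; the per-directory user names (sftp_ABC1 for /webdocs/ABC1) and the GNU stat format are assumptions.

```shell
#!/bin/sh
# Added example: emit one sshd_config Match block per directory matching a
# glob, and refuse directories that sshd would reject as a chroot (not
# root-owned, or writable by group/other). Paths and user names are assumed.

# Pure check: uid must be 0 and the last three octal mode digits must carry
# no group or other write bit. Takes the values so it can be tested directly.
chroot_perm_ok() {
    uid="$1"; mode="$2"                          # e.g. 0 755  or  0 0750
    [ "$uid" = "0" ] || return 1
    perms=$(printf '%s' "$mode" | tail -c 3)     # owner/group/other digits
    g=$(printf '%s' "$perms" | cut -c2)
    o=$(printf '%s' "$perms" | cut -c3)
    [ $((g & 2)) -eq 0 ] && [ $((o & 2)) -eq 0 ]
}

# One Match block confining one user to one directory, mirroring the answer's
# settings but keyed on the user rather than a group.
gen_match_block() {
    user="$1"; dir="$2"
    printf 'Match User %s\n' "$user"
    printf '    ChrootDirectory %s\n' "$dir"
    printf '    ForceCommand internal-sftp\n'
    printf '    X11Forwarding no\n'
    printf '    AllowTcpForwarding no\n\n'
}

# Expand the glob (e.g. /webdocs/ABC*) and generate a block per directory.
# Assumption: the SFTP user for /webdocs/ABCn is named sftp_ABCn.
gen_all_blocks() {
    pattern="$1"
    for d in $pattern; do
        [ -d "$d" ] || continue
        # GNU stat; on BSD/macOS use: stat -f '%u %OLp' "$d"
        set -- $(stat -c '%u %a' "$d")
        if chroot_perm_ok "$1" "$2"; then
            gen_match_block "sftp_$(basename "$d")" "$d"
        else
            echo "# skipped $d: chroot must be root-owned and not group/world-writable (uid=$1 mode=$2)" >&2
        fi
    done
}

# Usage: gen_all_blocks '/webdocs/ABC*' >> /etc/ssh/sshd_config.d/sftp-abc.conf
```

Because the chroot root itself must not be writable by the user, the read/write content of each ABC directory has to live in a subdirectory owned by that user inside it; the Match blocks must also appear after any global settings, as Match sections run to the end of the file.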

Quoted from: https://unix.stackexchange.com/questions/105945