How to restrict WinSCP users to specific directories

Advertisement

Guest

How to restrict WinSCP users to specific directories

How can we restrict user access with WinSCP to only specific directories.

Here’s the setup, we have an application that writes files to the following directories:
(The application owner is applVET with dba group)

Ex of directories:
/u1/../APPVET/data/PPS/recv/pps.txt
/u1/../APPVET/data/PPS/proc/pps.txt
/u1/../APPVET/data/VPT/recv/vpt.txt
/u1/../APPVET/data/VPT/proc/vpt.txt
etc..

These directories are owned by the application owner applVET with dba group.
Ex:
ls –lrt /u1/../APPVET/data 
drwxrwxr-x   applVET    dba           PPS
drwxrwxr-x   applVET    dba           VPT
The WinSCP users are connecting via a user called extr, this user extr is part of the dba group to be able to read and write from those directories. The WinSCP users that deals with PPS files extract the files from the PPS recv directory, makes modifications and put it into the PPS proc directory, the users that deals with the VPT files do the same but using the VPT directories. But we want the users that deals with PPS.txt files to only have access to the PPS directories and the users that deal with VPT.txt file to only have access to the VPT directories but since the extr user is part of the dba group to be able to read and write from those directories, these users have access to both the PPS and VPT directories.
Is there a way to restrict the WinSCP PPS and VPT users to only specific directories?
Thanks

Reply with quote

Advertisement

Guest

Thanks, maybe I did not explain it properly. I was hoping that the WinSCP client could restrict the user to a specific directory. So if we create a WinSCP.ini file that contains a specific user and a directory, that this user could ONLY access the directory specified in the WinSCP.ini file. I was hoping that there was a setting in the WinSCP client that would prevent the user to see any other directories other that the one specified in the WinSCP.ini file.

Is this feasible ?

Thanks

Reply with quote

Advertisement

orozcom
Guest

WinSCP user - restrict from using

I have used different sets of tools, and many have access restrictions for users.
Example in version control you setup the user, give them certain permissions/roles, etc.. You could actually keep them from logging in to the version control server. This is something that I am looking for.
You we have users that have access through our application through an interface program. The interface is nice because it restricts access and permissions to do certain things for the user, which is good for certain things. Unfortunately someone gave some of these users access to WinSCP to go directly into the server, with their current id, and they can do all sorts of things that we don't want them to do in there, and instead of going through the interface. Is there a way to, I don't know take away there account to even have access to use WinSCP to go to the server? Their unix id needs to to work through the interface, but not in the server through WinSCP.

Reply with quote

Petr
Moderator
Petr avatar
Joined:
Posts:
63

Re: WINSCP user - restrict from using

orozcom wrote:

...Unfortunately someone gave some of these users access to WinSCP to go directly into the server, with their current id, and they can do all sorts of things that we don't want them to do in there, and instead of going through the interface...
Exactly! That is why you need to solve the problem on the server side. You cannot fix this by modifying all possible clients in the world. Sorry.

Reply with quote

Advertisement

You can post new topics in this forum