How to restrict WinSCP users to specific directories
How can we restrict user access with WinSCP to only specific directories?
Here’s the setup: we have an application that writes files to the following directories:
(The application owner is “applVET” with “dba” group)
Ex of directories:
/u1/../APPVET/data/PPS/recv/pps.txt
/u1/../APPVET/data/PPS/proc/pps.txt
/u1/../APPVET/data/VPT/recv/vpt.txt
/u1/../APPVET/data/VPT/proc/vpt.txt
etc..
These directories are owned by the application owner “applVET” with “dba” group.
Ex:
ls -lrt /u1/../APPVET/data
drwxrwxr-x applVET dba PPS
drwxrwxr-x applVET dba VPT
The WinSCP users connect via a user called “extr”; this user “extr” is part of the “dba” group to be able to read and write from those directories. The WinSCP users that deal with PPS files extract the files from the PPS ‘recv’ directory, make modifications and put them into the PPS ‘proc’ directory; the users that deal with the VPT files do the same but using the VPT directories. But we want the users that deal with PPS.txt files to only have access to the PPS directories and the users that deal with VPT.txt files to only have access to the VPT directories. Since the “extr” user is part of the “dba” group to be able to read and write from those directories, these users have access to both the PPS and VPT directories.
Is there a way to restrict the WinSCP PPS and VPT users to only specific directories?
Thanks
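The permission problem described in the post, modelled as an added example that is not part of the original post: it evaluates the owner/group/other mode bits from the listing for each account, then for an assumed layout with one group per data set. The accounts extr_pps, extr_vpt and guest and the groups pps and vpt are hypothetical names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    mode: str   # as printed by ls -l, e.g. "drwxrwxr-x"
    owner: str
    group: str

@dataclass(frozen=True)
class Account:
    name: str
    groups: frozenset = frozenset()

def access(acct: Account, entry: Entry) -> str:
    """Return the rwx triplet that applies: owner class, else group class, else other."""
    perms = entry.mode[1:10]
    if acct.name == entry.owner:
        return perms[0:3]
    if entry.group in acct.groups:
        return perms[3:6]
    return perms[6:9]

# Layout from the post: both directories are group "dba", mode drwxrwxr-x.
CURRENT = {d: Entry("drwxrwxr-x", "applVET", "dba") for d in ("PPS", "VPT")}

# Assumed alternative: one group per data set, no access for "other".
PROPOSED = {
    "PPS": Entry("drwxrwx---", "applVET", "pps"),
    "VPT": Entry("drwxrwx---", "applVET", "vpt"),
}

APPL = Account("applVET", frozenset({"dba"}))
EXTR = Account("extr", frozenset({"dba"}))          # shared account from the post
EXTR_PPS = Account("extr_pps", frozenset({"pps"}))  # hypothetical
EXTR_VPT = Account("extr_vpt", frozenset({"vpt"}))  # hypothetical
GUEST = Account("guest")                            # hypothetical, no shared group

def matrix(layout, accounts):
    """Map (account, directory) -> effective rwx triplet."""
    return {(a.name, d): access(a, e) for a in accounts for d, e in layout.items()}

if __name__ == "__main__":
    for label, layout, accts in (
        ("current", CURRENT, (APPL, EXTR, GUEST)),
        ("proposed", PROPOSED, (APPL, EXTR_PPS, EXTR_VPT, GUEST)),
    ):
        for (name, d), t in matrix(layout, accts).items():
            print(f"{label:9} {name:9} {d}  {t}")
```

The model covers mode bits only, not ACLs; the ‘recv’ and ‘proc’ subdirectories would need the same group and mode as their parent for the result to hold.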