From: Bill Stewart <bstewart@iname.com>
To: cygwin@cygwin.com
Subject: Re: Domain User restrictions - Windows server 2012 R2
Date: Wed, 03 Jul 2019 17:01:00 -0000
Message-ID: <CANV9t=SFgKkmzpy6-LfLdR-Arvw34BwqpvMvznC2dKRKgUYYqg@mail.gmail.com>
In-Reply-To: <9e8b10829e18453f9e3af064a0d67c7c@ATGRZSW1694.avl01.avlcorp.lan>

On Wed, Jul 3, 2019 at 2:41 AM Bergbauer, Daniel AVL/DE wrote:

> What I want now is, to restrict every user, who connects to the server via ssh, to its home folder /home/'username' == C:\projects\'username'

If I understand, you are asking if you can restrict the user that
connects to a specific subdirectory structure?

If that's what you are asking, this is possible on POSIX because of
chroot. However, chroot is only emulated on Cygwin and is not a true
security control, so this doesn't work on Windows, unfortunately.

The good thing is that Windows permissions still apply, so for example
if the user is only a member of Users, they can do "cd \windows", but
they can't change any files in there.

The ChrootDirectory can be used for sftp-only accounts, however, if
configured correctly.

If you're interested, I created a Windows Cygwin OpenSSH package that
might be useful:

https://github.com/Bill-Stewart/Cygwin-OpenSSH

Bill
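
Added example, not part of the message above or of the linked package: a small Python check that flags `sshd_config` sections which set `ChrootDirectory` without also forcing `internal-sftp`, that is, sections where a shell login would depend on the emulated chroot the message describes. The sample configuration, its group names and paths, and the function names are constructed for illustration.

```python
# Constructed sample sshd_config; group names and paths are hypothetical.
SAMPLE = """\
Subsystem sftp internal-sftp

Match Group sftponly
    ChrootDirectory /home/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no

# Shell users with a chroot: relies on the emulated chroot only.
Match Group projects
    ChrootDirectory /home/%u
"""


def parse_blocks(text):
    """Split sshd_config text into [(criteria, {keyword: value})].

    The first entry is the global section, named "global". Keywords are
    case-insensitive and the first value seen for a keyword is kept.
    """
    blocks = [("global", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            blocks.append((value, {}))
        else:
            blocks[-1][1].setdefault(key, value)
    return blocks


def chroot_without_sftp_only(text):
    """Return the sections where ChrootDirectory is set but sessions are
    not restricted to internal-sftp by ForceCommand."""
    blocks = parse_blocks(text)
    global_opts = blocks[0][1]
    flagged = []
    for criteria, opts in blocks:
        effective = {**global_opts, **opts}  # Match settings override global
        if effective.get("chrootdirectory", "none").lower() == "none":
            continue
        force = effective.get("forcecommand", "")
        if force.split()[:1] != ["internal-sftp"]:
            flagged.append(criteria)
    return flagged
```
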