I trying to setup my first SFTP server with disallowing timestamp preserve (default option in WINscp for example). I always want to take time from the server not from file.
First, I make group (
ftpaccess) and user (user1 and user2 with restrictions).a.
sudo adduser user1
b.sudo adduser user2 --ingroup ftpaccess --shell /usr/sbin/nologin sudo chown root:root /home/user2 sudo mkdir /home/user2/ftp sudo chown user2:ftpaccess /home/user2/ftp
Works as expected. User2 gets access only to ftp folder.
- Then I force and ensure that users can't preserve file timestamps during upload. I do that by adding in sshd_config file:
Subsystem sftp internal-sftp -P setstat,fsetstat
That also works but only for user1 without ftpaccess group. User2 can preserve timestamp.
/etc/ssh/sshd_config:
Subsystem sftp internal-sftp -P setstat,fsetstat
Match group ftpaccess
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
I need Your help and explanation what is the difference between users without any group and those with restricted access. And why sshd_config works only for one of them.
