0 votes
by (120 points)
edited by

Hi,

When creating a sftp server, I want to know how can I set it so when they are in their root dir (e.g. C:), how do I make it so none of the directories show unless they have read/readwrite permission to the dirs in C:.

Thanks,
Luke

Applies to: File Server
by (144k points)
Hi, by read/readwrite permissions, do you mean Windows file system permissions, or do you have those permissions stored or specified elsewhere?

(Rebex SFTP Server runs under a specific user account and even custom users are in fact virtual users that don't run under a context of a Windows user, which means that Windows file system permissions are not well-suited to control user access.)
by (120 points)
I mean like,

So you give them a root dir of let's say C:\ and then give the virtual user read access to C:\Users. Is there a way so that when they login and go to the root dir, the only folder that shows is Users unless I set it so they can see everything in C:\.

Mostly, you can say if they can view all subdirs which will allow them to view all subdirs of that folder however if you don't want them to view all subdirs and only the one's you have specified access to then they can only see the one you gave them read/write access in the root dir.

1 Answer

0 votes
by (144k points)

There are several ways to achieve this:

a) Use MountCapableFileSystemProvider class to construct a virtual file system from specific file system directories the user should have access to. This can be done on-the-fly inside a custom authentication provider which is called when the user is logging in.

b) Give users access to (let's say) C:\, but use file system notifiers API to prevent users from seeing (or indeed accessing) files and directories they are not supposed to see (or access). To hide files or directories from a listing, use GetChildrenSurrogate notifier event.

...