This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Domain User restrictions - Windows server 2012 R2

From: Bill Stewart <bstewart at iname dot com>
To: cygwin at cygwin dot com
Date: Wed, 3 Jul 2019 11:01:18 -0600
Subject: Re: Domain User restrictions - Windows server 2012 R2
References: <9e8b10829e18453f9e3af064a0d67c7c@ATGRZSW1694.avl01.avlcorp.lan>

On Wed, Jul 3, 2019 at 2:41 AM Bergbauer, Daniel AVL/DE vwrote:

> What I want now is, to restrict every user, who connects to the server via ssh, to its home folder /home/'username' == C:\projects\'username'

If I understand, you are asking if you can restrict the user that
connects to a specific subdirectory structure?

If that's what you are asking, this is possible on POSIX because of
chroot. However chroot is only emulated on Cygwin and is not a true
security control, so this doesn't work on Windows, unfortunately.

The good thing is that Windows permissions still apply, so for example
if the user is only a member of Users, they can do "cd \windows", but
they can't change any files in there.

The ChrootDirectory can be used for sftp-only accounts, however, if
configured correctly.

If you're interested, I created a Windows Cygwin OpenSSH package that
might be useful:

https://github.com/Bill-Stewart/Cygwin-OpenSSH

Bill

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Follow-Ups:
- Re: Domain User restrictions - Windows server 2012 R2
  - From: L A Walsh

References:
- Domain User restrictions - Windows server 2012 R2
  - From: Bergbauer, Daniel AVL/DE via cygwin

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]