This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Domain User restrictions - Windows server 2012 R2
On Wed, Jul 3, 2019 at 2:41 AM Bergbauer, Daniel AVL/DE vwrote:
> What I want now is, to restrict every user, who connects to the server via ssh, to its home folder /home/'username' == C:\projects\'username'
If I understand, you are asking if you can restrict the user that
connects to a specific subdirectory structure?
If that's what you are asking, this is possible on POSIX because of
chroot. However chroot is only emulated on Cygwin and is not a true
security control, so this doesn't work on Windows, unfortunately.
The good thing is that Windows permissions still apply, so for example
if the user is only a member of Users, they can do "cd \windows", but
they can't change any files in there.
The ChrootDirectory can be used for sftp-only accounts, however, if
configured correctly.
If you're interested, I created a Windows Cygwin OpenSSH package that
might be useful:
https://github.com/Bill-Stewart/Cygwin-OpenSSH
Bill
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple