How do I restrict an sFTP user to just their home folder?

Today I set up a user on my Mac specifically for someone to sFTP files to my computer.
I tested the connection from another computer on the network. It worked OK, but I quickly realised that after logging in via an FTP client I could get to the root dir and start to navigate around other folders, getting to other home directories, downloading photos etc., all of which I don't want the user to do.
I would like the FTP user to log in and only see their home directory, nothing else.
The root shouldn't show any files, for example.
I have tried to lock things down and it's a bit better, ensuring that a lot of the folders have owner-only permissions, and group write only.
However, there are some folders that cannot be locked down by default, such as /Applications: any user can read any file in that folder, even if the user is only intended to FTP files.
I have tried changing the group the user belongs to (changing it from 'Staff' to 'Nobody'), but it doesn't seem to make a difference.
Hope someone can help me with this please; perhaps there is a better way. I have not used any terminal commands in what I have done, everything has been via the GUI (which I guess should be sufficient).

Thanks, Linc,
that has helped a lot.
Here is what I have done, for the record:
1) Opened the sshd_config file in /etc:
     sudo vi sshd_config
2) Added the following lines to the very bottom of the file:
Match User MYUSER
# The following two directives force MYUSER to become chrooted
# and only have sftp available. No other chroot setup is required
ChrootDirectory /Users/MYUSER/
ForceCommand internal-sftp
# For additional paranoia, disallow all types of port forwardings
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
3) Saved the file and tried to reconnect
4) My FTP software (on another computer on the network) wouldn't connect! I kept getting an error message:
     Error: Server unexpectedly closed network conection
     Error: Could not connect to server
5) I opened up the "Console" program and looked at the secure.log under /var/log and saw the following entry:
Aug  2 10:28:57 rmlloyd-imac sshd[6590]: fatal: bad ownership or modes for chroot directory component "/Users/MYUSER"
This made me realise that it was something to do with permissions on the home folder, but I still don't quite appreciate why the user logging in doesn't have permissions to its own folder as a root.
6) Some searching on the internet yielded something like the perfect answer, that a home directory cannot be set as a chroot directory.
So I changed the ChrootDirectory to:
ChrootDirectory /Users
7) Attempting to log in with sFTP again works! What I see as the root appears to be the contents of /Users.
Conclusion
This is much, much better than the situation I was in originally: I can set access permissions on the home directories, but the FTP user still sees them. It's not perfect, but it nearly is.
I really wish I didn't have to mess around in the terminal though, as fun as it is; a check box added by Apple to the user UI would do the job much more easily, e.g.
"Restrict user to home folder only" - makes the home folder the root
"Restrict user to the following activities" - then have check boxes for sFTP etc...
Then the Apple UI can write to the sshd_config for me.
All in all, I am very pleased and have learnt a fair bit from setting this up, so thanks to those that replied and I hope this information helps someone else one day.

Similar Messages

  • How can we restrict other users from adding their user IDs to the user group created in SQ03?

    Hello All,
    How can we restrict other users from adding their user IDs to the user group created in SQ03?
    When we enter the user group name and click on the "Assign users and Infosets" button (see the attached pic "User Group"),
    I was able to enter my user ID in other user groups. How do I grey out the other rows in the attached pic "User Group 1"?

    How strange, I answered (or at least helped with) this very same question earlier today. Here is the link to my previous answer:
    http://scn.sap.com/thread/3536135

  • How can a Windows user remotely access their Home folder on a MacOSX Server

    I have a staff member who would like to remotely access (outside of our LAN) their Home folder on our Mac OS X server. Anyone know and willing to share the process?
    Thanks

    Hi Brad!
    Generally, a VPN solution is best to allow someone access to your company network. VPN provides security and access to some or all of your company's network resources.
    If AFP is allowed to pass through the VPN tunnel, then your user would connect via VPN first and then connect to the server with a connect string such as "afp://servername".
    Or if your user's home folder is also shared as a Windows share, your user could connect via VPN first and then connect to the server with a connect string such as "smb://servername".
    Hope this helps! bill
    1 GHz PowerBook G4, Mac OS X (10.4.6)

  • Reinstalling lion server but keeping users/groups including their home folder, mail, etc

    I need to reinstall my lion server due to some changes in the DNS. I have a time machine backup of the server.
    Is there an easy way to transfer/migrate only user data (home folder, mail, calendar, address book).. I do not need to recover the whole server as some services need to be reconfigured.
    Can I use the installation program, as there is an option to migrate from other servers? If so, can I select what to migrate?
    Thanks

    Migration can be handled by the installer or run post-installation by launching /Applications/Utilities/Migration Assistant.app. You'll get three checkboxes: User accounts, applications and "other data." You can exclude certain users from migration, but you can't otherwise alter the list of files brought in from your backup.
    You might choose to migrate users and applications, then, post-install, mount your Time Machine backup as a volume and copy over whatever arbitrary data you want to recover. Don't forget to turn Time Machine off so you don't risk clobbering your backed-up data.
    Best of luck.

  • Multiple users pointed to the same location as their "Home Folder"

    One of the things we need to be able to do for our work is share folders. We are project based and do not want to store the projects in the users' "eDirectory User" home folder. We made some initial tests assigning two users to the same "Home Folder" and shared a folder, and had multiple accounts, both internal and external, pick up and drop off files in the folder.
    While it appears to work, I wanted to find out if there are downsides to having 20-30 people with the same Filr "Home Folder". What are the potential "gotchas"? Security (internal) isn't an issue since these network locations are accessible by all the users anyway.
    Daniel Wells AIA, VCP
    Senior Associate | IT Coordinator
    MHTN Architects, Inc.
    Direct: 801.326.3215 | www.mhtn.com
    vision made real

    Hi!
    Gotchas?
    Well, it essentially does exactly what it is supposed to do.
    (BTW, I have tested this with Filr 1.0.1 some time ago; if 1.1 behaves differently this would be a MAJOR product change.)
    Given:
    Two internal users A+B with the home dirs pointing to the exact same path \\Server\Dir
    One external user c@tld
    * User A logs in and creates a directory X and shares it with contribute rights to c@tld.
    * User c@tld logs in and creates a file X\file
    * User B logs in, sees a folder X and the file with A as the author. The folder IS NOT shared to everyone (at least as far as user B is concerned, the user does NOT set the sharing details of user A)
    * User B shares the same folder X with c@tld with view only rights.
    * User c@tld clicks the link from User B and IS NOT able to contribute.
    * User c@tld is puzzled and calls User A asking why his rights have been revoked.... etc. etc.
    * User B has the (for him readonly) data somewhere else and calls the folder X obsolete and deletes it.
    * User A and c@tld are really pissed off.... etc. etc.
    * User c@tld has several different links with potentially different rights all pointing to the same physical location...
    etc.
    Again, it does exactly what it is supposed to do - from a technical point of view, but this might not be what the users/organization can handle/expect...
    Georg
    >>> Daniel Wells<[email protected]> wrote on 05.11.2014 at 20:54 in
    message <[email protected]>:
    > One of the things we need to be able to do for our work is share
    > folders. We are project based and do not want to store the projects in
    > the users "eDirectory User" home folder. We made some initial test
    > assigning two users to the same "Home Folder" and shared a folder and had
    > multiple accounts both internal and external pick-up and drop off files in
    > the folder.
    >
    > While it appears to work, I wanted to find out if there are downsides in
    > having 20-30 people with the same Filr "Home Folder". What are the
    > potential "gotchas". Security (internal) isn't an issue since these
    > network locations are accessible by all the users anyway.
    >
    > Daniel Wells AIA, VCP
    > Senior Associate | IT Coordinator
    > MHTN Architects, Inc.
    > Direct: 801.326.3215 | www.mhtn.com
    > vision made real

  • Restricting a sftp user to a particular directory

    Hi,
    While uploading files using WinSCP to an sftp server, the user is able to browse all the folders on the Sun box. How do I restrict the user to view only the folder assigned to him for uploading the files?
    Arut

    Hi,
    As I understand, there is no possibility for that.
    You can only create workspace admin, developer and end user.
    Developer can not create new users and can change apps if app status is "run and build".
    Admin can of course do all things in workspace and end user can not login to workspace.
    I think only option for you is use custom authentication and create app to manage users table.
    Br, Jari

  • ASA WebVPN. How do you restrict access to users in an AD group using LDAP?

    Hi All,
    I am trying to configure separate WebVPN connection profiles to give different portal bookmark contents to users based on their AD group membership.  This has been very difficult, even though I believe it should be easy.
    The login page of the ASA by default has a dropdown to allow default users to access the default portal and the SSL VPN client connection.
    There are two other portals that I would like to restrict access to based on AD group membership.  I have set these up to be selected by URL.
    The biggest problem is, I have no way of knowing how to go about this.  The AAA LDAP options show a group membership search, which I have configured, but I cannot say "Profile X is restricted to AD group CarpetBaggers", so that if someone that is NOT a carpetbagger tries to log in, it fails.
    I can only do an all or nothing scenario.
    It would be nice to use Dynamic Access Policies to do this, and I have created a few, but they do NOT seem to work when the drop down aliases or URLs are in use.  So how do I go about using them in this scenario?  Turning off the aliases or URLs is not really an option right now.
    Scenario 1 would work the best for me.  Restrict access to profiles/groups based on AD group membership using LDAP.
    Scenario 2 would be an ideal longer term solution.
    Any thoughts, ideas or assistance would be greatly appreciated.
    Cheers

    This is exactly what I was looking for, and Nelson is correct.  When you enter the DAP configuration for a profile, click on "Advanced" and there is the option to create a logical expression.  The guide (there is a button to access this) is really helpful, with a couple of examples.  This is what I used:
    assert(function()
       if ( (type(aaa.ldap.distinguishedName) == "string") and
            (string.find(aaa.ldap.distinguishedName, "OU=Users") ~= nil) )
       then
          return true
       end
       return false
    end)()
    From the debug dap output you can see what "Users" relates to:
    DAP_TRACE: Username: MyUsername, aaa.ldap.distinguishedName = CN=Mr B,OU=Users,OU=Site ******,DC=CH,DC=Mycompany,DC=com
    My admin account fails to get me in to the same profile:
    DAP_TRACE: dap_add_to_lua_tree:aaa["ldap"]["distinguishedName"]="CN=Admin Mr B,OU=Admin Users,OU=Site *****,DC=CH,DC=Mycompany,DC=com"
    Thanks
    Andrew

  • I'm administrator of Macbook Pro. Can't get a home folder? Previous owner is off User list but still had a home folder on side bar. How do I get rid of hers and get a home folder of my own? Thanks for any help.

    Hi: Bought a MacBook Pro, age circa 2011, works great, except I understand I need to have a Home Folder. I am listed as administrator in the User accounts pref, in fact I'm the only user there. Still, in the sidebar when starting up the Mac, there is the former owner's Home Folder and not one for me. I want to delete her Home Folder and get one in the sidebar for me. I've tried all the things I could think of to delete her folder, but can't seem to do it, as there isn't a button or prompt that I can click on to delete her folder and create one for me as the administrator. I'd really appreciate any help with this problem that someone might give me. Carol

    Welcome to the Apple Support Communities
    If I have understood you properly, to do that, you have to create a new administrator user with your name and for your uses. Follow these steps:
    1. Open System Preferences > Users & Groups, and press the + button to create a new administrator account.
    2. When you have finished creating that user, open the Apple menu > Log Out, and log in as your new user.
    3. Open System Preferences > Users & Groups, select the old user and press the - button to remove the user. If you want, you can select the option to remove the Home folder of this user, so you will only have the Home folder for your account.

  • How to determine which cell the user has just left?

    I want to check the contents of a JTable cell just after the user has left that cell.
    What is the most reliable way to determine which cell the user has just left?

    Hi,
    I use the cellRenderer for that... if the value is not correct, I call an editCellAt() method...
    JRG

  • How do I setup a specific user to edit their department phone numbers?

    We have an IT liaison in each department and I'd like them to be able to edit their own department's mailbox attributes, i.e. phone numbers, title...
    I was hoping they would be able to do this in Outlook by opening up the Address Book selecting the user, and changing their new phone number, title ...
    What do I need to do to allow them to manage this task for their department only?
    EX2013 sp1/Win2012/OL2010-2013
    PennyM

    Hi PennyM,
    Based on my knowledge, the Mail Recipients role is the least permission needed to do what you need. What's more, if different departments are in different Organizational Units, you can use the following cmdlet to let the IT liaison edit their OU only:
    New-RoleGroup -Name "test OU permission" -Roles "Mail Recipients" -Members test1 -RecipientOrganizationalUnitScope contoso.com/users
    Hope this can be helpful to you.
    Best regards,
    Amy Wang
    TechNet Community Support

  • HT3275 How do I find/restore files from items in secure home folder? How do I find/restore files that crashed when in finder of secure (File Vault) home folder?

    How do I find/restore files from items in secure (File Vault) home folder? How do I find/restore files that crashed when in Finder of secure (File Vault) home folder?  When I go into Time Machine, I see earlier dates but can't see files in my User File. I have File Vault turned on and see my home folder as a sparsebundle.  Do I need to restore this in order to see files in my home folder?  When I click on it to restore, it gives me an estimated time of over 2 hours.  Also tried to restore an Excel file I was working on when the computer hung, so lost it without saving or naming it.  Does it exist anyplace and can I restore it?

    Thanks. I had pretty much figured out from other posts that I had better turn off File Vault for my home folder and use a Disk Utility sparse bundle for the little information I wanted to secure. The information about File Vault 2 in Lion was new and useful though.

  • Mobile Users - Sync Files Outside Home Folder?

    Hi folks,
    Regarding mobile user accounts...
    On our server, we have a shared folder as follows:
    /Volumes/Server HD/Business/
    I want to configure my Mobile User account to sync this folder, but I cannot because it does not reside in my Home folder.
    Presumably I could just move the folder to within my Home folder and then recreate the share point from there. But then, a second user would not be able to sync this folder on their Mobile User account.
    Is there a workaround to allow syncing outside the Home folder? I tried using a symlink but this didn't work...
    Thanks!!

    Just modify the SHARE POINT setting of your BUSINESS folder. (SA>File Sharing > Share Points > List > Select your BUSINESS mount point folder)
    Enable Automount > then tick Use as Home Folder and Group Folder
    then go back to your users in WGM, assign the home folder to the newly mounted BUSINESS folder.
    hope this helps.
    Marlon

  • User Account deleted, but Home folder still visible

    Deleted a user account within the System Preferences > Accounts and restarted the computer, but the "deleted" account is still visible under Finder > Users.
    It failed to delete the account when I tried to 1st option of saving to .DMG - so I chose the 3rd option i.e.: to remove the Home folder. this seemed to work OK as the User Account is no longer presented as available to Login.
    Don't understand why?
    Thanks

    Apple offers the option of saving the user file as a disk image, or deleting the account but keeping the files in the account, or getting rid of it entirely. The first two options make it possible to recreate the user account. You must move the file out of the User directory to rename it (remove "(deleted)" from the name). Place the folder back into the User directory and create another login using the same name as the file, and the system will ask you if you want to use the above-mentioned folder as the home folder. Click yes and the user is back as if it never left.
    Why would I want to bother? You might find that there was something left in the user folder that you want to retrieve. Another reason, which I consider even more significant: if I am having problems with a user account and it is isolated to that account, I will use this method to hopefully clear up any corruption within the account.

  • Deleting user account and their /home directory

    hi,
    I'm a parent volunteer helping to admin a mac lab at my son's K-5 public school. The lab is running o/s 10.5 server on a mini with about 30 imacs as clients.
    I noticed that when I delete a user in Workgroup Admin, the user's home directory is not deleted at the same time. Is there a way to force the home directory of a user to be deleted at the same time the user is deleted? It's extremely tedious to have to delete the home directories manually.
    This question was previously posted under Open Directory forum, but I've not received any replies so I thought I would try here. Thanks in advance for your assistance.
    William

    william_sf wrote:
    when I delete a user in workgroup admin
    Workgroup Manager only deletes the user record in Open Directory. There is no known preference that I know of that will delete their data (the home folder) at the same time.
    Welcome to the world of the SysAdmin.

  • How can I restrict a non-administrator user from opening Firefox in "safe mode"?

    I want to have parental control on the computer. I have added 'ProConn Latte' to Firefox which serves that purpose but my teenager figured out that he can simply open Firefox in "safe mode" (an option under the START menu) and bypass the control. I have already added administrator password security to MSWindows so that he can not work around his limited user settings but the Firefox loophole still remains.

    Another option you may consider exploring:
    The Safe Mode feature can also be disabled by modifying Firefox files; that is explained in the answer to "How to *permanently* disable Firefox Safe Mode option?" (https://support.mozilla.com/en-US/questions/664785#answer-128337).
    Remember to password protect all admin accounts, including the normally hidden System Administrator account (which probably has no password set by default), but make sure you have those passwords stored securely somewhere, and/or have a password reset floppy.
    A determined & knowledgeable teenager will get past most things you attempt to do, especially if you are not actually watching the computer use; maybe even running a different OS from a CD. Quite possibly the teenager has unrestricted access to the internet elsewhere anyway.
