4.1. Overview¶
To configure MySecureShell, you need to edit the /etc/ssh/sftp_config file. By default MySecureShell comes with a commented example configuration. This may not match all your needs and you will need to modify it to get it working as expected.
The configuration is made with 2 importants kinds of tags:
Parent tags (level 1): defining a global context
Child tags (level 2): defining a specific option for the parent tag
Configuration files should looks like this:
<ParentTag [parameter]>
ChildTag value
</Parent>
4.1.1. Parent tags¶
Tags |
Values |
Summary |
|---|---|---|
None |
Default values will be applyed for all other parents tags |
|
filter name |
Allow to create filter on files |
|
group name |
Allow a group |
|
IP/CIDR |
Allow a set of range IP address |
|
user name |
Allow a user |
|
FQDN |
Allow a VirtualHost |
4.1.2. Child tags¶
Tags |
Values |
Summary |
|---|---|---|
false/true |
Bypassing GlobalDownload value |
|
false/true |
Bypassing GlobalUpload value |
|
false/true |
Allow to change rights on files and directories |
|
false/true |
Allow to change access and creation time on files and directories |
|
<charset> |
Enable special charset compatibility |
|
<unix rights> |
Limit maximum connection time in seconds |
|
false/true |
Create home user’s directory if it doesn’t exist |
|
<unix rights> |
Set default rights on new files and folders created |
|
false/true |
Substitute shown group owner name of files and directories, by the name of the connected user |
|
xxxx |
Substitute shown rights of files and directories, by those ones |
|
false/true |
Substitute shown user owner name of files and directories, by the name of the connected user |
|
false/true |
Quickly disable an account |
|
false/true |
Disable new directories creation |
|
false/true |
Disable file’s overwriting |
|
false/true |
Disable reading directories |
|
false/true |
Disable reading files |
|
false/true |
Disable removing directories |
|
false/true |
Disable removing files |
|
false/true |
Disable renaming files and directories |
|
false/true |
Disable changing attributes on files and directories |
|
false/true |
Disable creating symbolic link |
|
false/true |
Disable writing files |
|
<integer><units> |
Download bandwidth by connected user |
|
<date> |
Expiration date |
|
<groupname> |
Force group assignment for connected user |
|
<unix rights> |
Force rights assignment for connected user |
|
user |
Force user assignment for connected user |
|
<integer><units> |
Maximum allowed bandwidth in download for the server |
|
<integer><units> |
Maximum allowed bandwidth in upload for the server |
|
false/true |
Hide not allowed permissions files and directories |
|
<path> |
Change home of users. |
|
<integer> |
Inactivity timeout before deconnection in seconds |
|
false/true |
Show hidden files and directories (starting with a dot) |
|
<path> |
Include another configuration file |
|
false/true |
Allow to be administrator |
|
false/true |
Allow to be administrator (less righs than IsAdmin tag) |
|
<integer> |
Limit the number of simultaneous connections |
|
<integer> |
Limit the number of simultaneous connections by IP |
|
<integer> |
Limit the number of simultaneous connections by user |
|
<path> |
Allows to change the file of log |
|
<integer> |
Allows to change the loglevel of log |
|
false/true |
Write log to syslog |
|
<integer> |
Limit maximum opening files simultaneously |
|
<integer> |
Limit maximum reading files simultaneously |
|
<integer> |
Limit maximum writing files simultaneously |
|
<unix rights> |
Set a maximum rights on new files and folders created (unix rights format) |
|
<unix rights> |
Force minimum rights for new files and new directories (unix rights format) |
|
false/true |
Resolve IP address from DNS |
|
<integer> |
Force the SFTP protocol version |
|
<path> |
Specify a Shell path to allow users to have a real shell |
|
false/true |
See symbolic links as true files or folders |
|
false/true |
Restrict user to stay in its home directory and subdirectories |
|
x(units) |
Upload bandwidth by connected user |
|
false/true |
Chroot users in their Home directory |
|
<shell command> |
Call a command when download completes |
|
<shell command> |
Call a command when upload completes |
4.1.3. Deprecated tags¶
Those tags are deprecated and don’t work anymore!
Tags |
Values |
Summary |
|---|---|---|
false/true |
Allow to remove directories |
|
false/true |
Allow to remove files |
|
<+/-><integer> |
Adjusts the clock of the log |
|
<regex> |
Hide files / directories that you want using a regular expression (regex) |
|
<regex> |
Restricted access to files / directories using regular expression (regex) |
|
<path> |
Do not authorize files/directories which match with the regular expression |