4.1. Overview

To configure MySecureShell, you need to edit the /etc/ssh/sftp_config file. By default MySecureShell comes with a commented example configuration. This may not match all your needs and you will need to modify it to get it working as expected.

The configuration is made with 2 importants kinds of tags:

  • Parent tags (level 1): defining a global context

  • Child tags (level 2): defining a specific option for the parent tag

Configuration files should looks like this:

<ParentTag [parameter]>
    ChildTag    value
</Parent>

4.1.1. Parent tags

Tags

Values

Summary

Default

None

Default values will be applyed for all other parents tags

FileSpec

filter name

Allow to create filter on files

Group

group name

Allow a group

IpRange

IP/CIDR

Allow a set of range IP address

User

user name

Allow a user

VirtualHost

FQDN

Allow a VirtualHost

4.1.2. Child tags

Tags

Values

Summary

ByPassGlobalDownload

false/true

Bypassing GlobalDownload value

ByPassGlobalUpload

false/true

Bypassing GlobalUpload value

CanChangeRights

false/true

Allow to change rights on files and directories

CanChangeTime

false/true

Allow to change access and creation time on files and directories

Charset

<charset>

Enable special charset compatibility

ConnectionMaxLife

<unix rights>

Limit maximum connection time in seconds

CreateHome

false/true

Create home user’s directory if it doesn’t exist

DefaultRights

<unix rights>

Set default rights on new files and folders created

DirFakeGroup

false/true

Substitute shown group owner name of files and directories, by the name of the connected user

DirFakeMode

xxxx

Substitute shown rights of files and directories, by those ones

DirFakeUser

false/true

Substitute shown user owner name of files and directories, by the name of the connected user

DisableAccount

false/true

Quickly disable an account

DisableMakeDir

false/true

Disable new directories creation

DisableOverwrite

false/true

Disable file’s overwriting

DisableReadDir

false/true

Disable reading directories

DisableReadFile

false/true

Disable reading files

DisableRemoveDir

false/true

Disable removing directories

DisableRemoveFile

false/true

Disable removing files

DisableRename

false/true

Disable renaming files and directories

DisableSetAttribute

false/true

Disable changing attributes on files and directories

DisableSymLink

false/true

Disable creating symbolic link

DisableWriteFile

false/true

Disable writing files

Download

<integer><units>

Download bandwidth by connected user

ExpireDate

<date>

Expiration date

ForceGroup

<groupname>

Force group assignment for connected user

ForceRights

<unix rights>

Force rights assignment for connected user

ForceUser

user

Force user assignment for connected user

GlobalDownload

<integer><units>

Maximum allowed bandwidth in download for the server

GlobalUpload

<integer><units>

Maximum allowed bandwidth in upload for the server

HideNoAccess

false/true

Hide not allowed permissions files and directories

Home

<path>

Change home of users.

IdleTimeOut

<integer>

Inactivity timeout before deconnection in seconds

IgnoreHidden

false/true

Show hidden files and directories (starting with a dot)

Include

<path>

Include another configuration file

IsAdmin

false/true

Allow to be administrator

IsSimpleAdmin

false/true

Allow to be administrator (less righs than IsAdmin tag)

LimitConnection

<integer>

Limit the number of simultaneous connections

LimitConnectionByIp

<integer>

Limit the number of simultaneous connections by IP

LimitConnectionByUser

<integer>

Limit the number of simultaneous connections by user

LogFile

<path>

Allows to change the file of log

LogLevel_

<integer>

Allows to change the loglevel of log

LogSyslog

false/true

Write log to syslog

MaxOpenFilesForUser

<integer>

Limit maximum opening files simultaneously

MaxReadFilesForUser

<integer>

Limit maximum reading files simultaneously

MaxWriteFilesForUser

<integer>

Limit maximum writing files simultaneously

MaximumRights

<unix rights>

Set a maximum rights on new files and folders created (unix rights format)

MinimumRights

<unix rights>

Force minimum rights for new files and new directories (unix rights format)

ResolveIP

false/true

Resolve IP address from DNS

SftpProtocol

<integer>

Force the SFTP protocol version

Shell

<path>

Specify a Shell path to allow users to have a real shell

ShowLinksAsLinks

false/true

See symbolic links as true files or folders

StayAtHome

false/true

Restrict user to stay in its home directory and subdirectories

Upload

x(units)

Upload bandwidth by connected user

VirtualChroot

false/true

Chroot users in their Home directory

CallbackDownload

<shell command>

Call a command when download completes

CallbackUpload

<shell command>

Call a command when upload completes

4.1.3. Deprecated tags

Those tags are deprecated and don’t work anymore!

Tags

Values

Summary

CanRemoveDir

false/true

Allow to remove directories

CanRemoveFile

false/true

Allow to remove files

GMTTime

<+/-><integer>

Adjusts the clock of the log

HideFiles

<regex>

Hide files / directories that you want using a regular expression (regex)

PathAllowFilter

<regex>

Restricted access to files / directories using regular expression (regex)

PathDenyFilter

<path>

Do not authorize files/directories which match with the regular expression