4.1. Overview
To configure MySecureShell, you need to edit the /etc/ssh/sftp_config file. By default MySecureShell comes with a commented example configuration. This may not match all your needs and you will need to modify it to get it working as expected.
The configuration is built from 2 important kinds of tags:
- Parent tags (level 1): defining a global context
- Child tags (level 2): defining a specific option for the parent tag
Configuration files should look like this:
<ParentTag [parameter]>
ChildTag value
</ParentTag>
4.1.1. Parent tags
Tags | Values | Summary |
---|---|---|
Default | None | Default values will be applied to all other parent tags |
FileSpec | filter name | Allows creating a filter on files |
Group | group name | Allow a group |
IpRange | IP/CIDR | Allow a range of IP addresses |
User | user name | Allow a user |
VirtualHost | FQDN | Allow a VirtualHost |
4.1.2. Child tags
Tags | Values | Summary |
---|---|---|
ByPassGlobalDownload | false/true | Bypassing GlobalDownload value |
ByPassGlobalUpload | false/true | Bypassing GlobalUpload value |
CanChangeRights | false/true | Allow changing rights on files and directories |
CanChangeTime | false/true | Allow changing access and creation time on files and directories |
Charset | <charset> | Enable special charset compatibility |
ConnectionMaxLife | <unix rights> | Limit maximum connection time in seconds |
CreateHome | false/true | Create the user’s home directory if it doesn’t exist |
DefaultRights | <unix rights> | Set default rights on new files and folders created |
DirFakeGroup | false/true | Substitute shown group owner name of files and directories, by the name of the connected user |
DirFakeMode | xxxx | Substitute shown rights of files and directories, by those ones |
DirFakeUser | false/true | Substitute shown user owner name of files and directories, by the name of the connected user |
DisableAccount | false/true | Quickly disable an account |
DisableMakeDir | false/true | Disable new directories creation |
DisableOverwrite | false/true | Disable overwriting files |
DisableReadDir | false/true | Disable reading directories |
DisableReadFile | false/true | Disable reading files |
DisableRemoveDir | false/true | Disable removing directories |
DisableRemoveFile | false/true | Disable removing files |
DisableRename | false/true | Disable renaming files and directories |
DisableSetAttribute | false/true | Disable changing attributes on files and directories |
DisableSymLink | false/true | Disable creating symbolic links |
DisableWriteFile | false/true | Disable writing files |
Download | <integer><units> | Download bandwidth by connected user |
ExpireDate | <date> | Expiration date |
ForceGroup | <groupname> | Force group assignment for connected user |
ForceRights | <unix rights> | Force rights assignment for connected user |
ForceUser | user | Force user assignment for connected user |
GlobalDownload | <integer><units> | Maximum allowed bandwidth in download for the server |
GlobalUpload | <integer><units> | Maximum allowed bandwidth in upload for the server |
HideNoAccess | false/true | Hide files and directories the user is not allowed to access |
Home | <path> | Change home of users. |
IdleTimeOut | <integer> | Inactivity timeout before disconnection in seconds |
IgnoreHidden | false/true | Show hidden files and directories (starting with a dot) |
Include | <path> | Include another configuration file |
IsAdmin | false/true | Allow the user to be administrator |
IsSimpleAdmin | false/true | Allow the user to be administrator (fewer rights than the IsAdmin tag) |
LimitConnection | <integer> | Limit the number of simultaneous connections |
LimitConnectionByIp | <integer> | Limit the number of simultaneous connections by IP |
LimitConnectionByUser | <integer> | Limit the number of simultaneous connections by user |
LogFile | <path> | Change the log file |
LogLevel | <integer> | Change the log level |
LogSyslog | false/true | Write log to syslog |
MaxOpenFilesForUser | <integer> | Limit the maximum number of files open simultaneously |
MaxReadFilesForUser | <integer> | Limit the maximum number of files being read simultaneously |
MaxWriteFilesForUser | <integer> | Limit the maximum number of files being written simultaneously |
MaximumRights | <unix rights> | Set maximum rights on new files and folders created (unix rights format) |
MinimumRights | <unix rights> | Force minimum rights for new files and new directories (unix rights format) |
ResolveIP | false/true | Resolve IP address from DNS |
SftpProtocol | <integer> | Force the SFTP protocol version |
Shell | <path> | Specify a Shell path to allow users to have a real shell |
ShowLinksAsLinks | false/true | See symbolic links as true files or folders |
StayAtHome | false/true | Restrict the user to their home directory and its subdirectories |
Upload | x(units) | Upload bandwidth by connected user |
VirtualChroot | false/true | Chroot users in their Home directory |
CallbackDownload | <shell command> | Call a command when download completes |
CallbackUpload | <shell command> | Call a command when upload completes |
4.1.3. Deprecated tags
These tags are deprecated and no longer work!
Tags | Values | Summary |
---|---|---|
CanRemoveDir | false/true | Allow to remove directories |
CanRemoveFile | false/true | Allow to remove files |
GMTTime | <+/-><integer> | Adjusts the clock of the log |
HideFiles | <regex> | Hide files / directories that you want using a regular expression (regex) |
PathAllowFilter | <regex> | Restricted access to files / directories using regular expression (regex) |
PathDenyFilter | <path> | Do not authorize files/directories which match with the regular expression |
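A configuration that still carries a deprecated tag such as PathDenyFilter looks restrictive but restricts nothing, so it is worth checking a file against the tables above. The following is an added example, not part of MySecureShell: a small Python check that reads the parent/child layout from the overview, reports deprecated tags and mismatched closing tags, and lists settings to review. The `REVIEW` selection, the `audit` function, the treatment of lines starting with `#` as comments, and the sample configuration are assumptions of this example.

```python
import re

# Deprecated tags from section 4.1.3: present in a file, they do nothing.
DEPRECATED = {"CanRemoveDir", "CanRemoveFile", "GMTTime",
              "HideFiles", "PathAllowFilter", "PathDenyFilter"}
PARENTS = {"Default", "FileSpec", "Group", "IpRange", "User", "VirtualHost"}
# Assumption of this example: settings a reviewer should look at twice.
# None means "any value".
REVIEW = {"StayAtHome": "false", "IsAdmin": "true", "Shell": None}

OPEN = re.compile(r"<(\w+)(?:\s+([^>]+))?>$")
CLOSE = re.compile(r"</(\w+)>$")

def audit(text):
    """Return (line_number, section, message) findings for a config text."""
    findings, name, where = [], None, "(none)"
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or comment line
            continue
        if m := CLOSE.match(line):
            if m[1] != name:
                findings.append((no, where, f"</{m[1]}> does not match open tag {name}"))
            name, where = None, "(none)"
        elif m := OPEN.match(line):
            name, where = m[1], " ".join(filter(None, m.groups()))
            if name not in PARENTS:
                findings.append((no, where, f"unknown parent tag {name}"))
        else:
            parts = line.split(None, 1)
            tag, value = parts[0], parts[1] if len(parts) > 1 else ""
            if tag in DEPRECATED:
                findings.append((no, where, f"{tag} is deprecated and has no effect"))
            elif tag in REVIEW and REVIEW[tag] in (None, value.lower()):
                findings.append((no, where, f"review {tag} {value}"))
    return findings

# Constructed sample configuration (not a shipped MySecureShell file).
SAMPLE = """\
<Default>
    StayAtHome true
    VirtualChroot true
    PathDenyFilter ^secret
</Default>
<Group sftp_admins>
    IsAdmin true
    StayAtHome false
</Parent>
<User backup>
    Shell /bin/sh
</User>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```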