4.1. Overview

To configure MySecureShell, you need to edit the /etc/ssh/sftp_config file. By default MySecureShell comes with a commented example configuration. This may not match all your needs and you will need to modify it to get it working as expected.

The configuration is made with 2 importants kinds of tags:

  • Parent tags (level 1): defining a global context
  • Child tags (level 2): defining a specific option for the parent tag

Configuration files should looks like this:

<ParentTag [parameter]>
    ChildTag    value
</Parent>

4.1.1. Parent tags

Tags Values Summary
Default None Default values will be applyed for all other parents tags
FileSpec filter name Allow to create filter on files
Group group name Allow a group
IpRange IP/CIDR Allow a set of range IP address
User user name Allow a user
VirtualHost FQDN Allow a VirtualHost

4.1.2. Child tags

Tags Values Summary
ByPassGlobalDownload false/true Bypassing GlobalDownload value
ByPassGlobalUpload false/true Bypassing GlobalUpload value
CanChangeRights false/true Allow to change rights on files and directories
CanChangeTime false/true Allow to change access and creation time on files and directories
Charset <charset> Enable special charset compatibility
ConnectionMaxLife <unix rights> Limit maximum connection time in seconds
CreateHome false/true Create home user’s directory if it doesn’t exist
DefaultRights <unix rights> Set default rights on new files and folders created
DirFakeGroup false/true Substitute shown group owner name of files and directories, by the name of the connected user
DirFakeMode xxxx Substitute shown rights of files and directories, by those ones
DirFakeUser false/true Substitute shown user owner name of files and directories, by the name of the connected user
DisableAccount false/true Quickly disable an account
DisableMakeDir false/true Disable new directories creation
DisableOverwrite false/true Disable file’s overwriting
DisableReadDir false/true Disable reading directories
DisableReadFile false/true Disable reading files
DisableRemoveDir false/true Disable removing directories
DisableRemoveFile false/true Disable removing files
DisableRename false/true Disable renaming files and directories
DisableSetAttribute false/true Disable changing attributes on files and directories
DisableSymLink false/true Disable creating symbolic link
DisableWriteFile false/true Disable writing files
Download <integer><units> Download bandwidth by connected user
ExpireDate <date> Expiration date
ForceGroup <groupname> Force group assignment for connected user
ForceRights <unix rights> Force rights assignment for connected user
ForceUser user Force user assignment for connected user
GlobalDownload <integer><units> Maximum allowed bandwidth in download for the server
GlobalUpload <integer><units> Maximum allowed bandwidth in upload for the server
HideNoAccess false/true Hide not allowed permissions files and directories
Home <path> Change home of users.
IdleTimeOut <integer> Inactivity timeout before deconnection in seconds
IgnoreHidden false/true Show hidden files and directories (starting with a dot)
Include <path> Include another configuration file
IsAdmin false/true Allow to be administrator
IsSimpleAdmin false/true Allow to be administrator (less righs than IsAdmin tag)
LimitConnection <integer> Limit the number of simultaneous connections
LimitConnectionByIp <integer> Limit the number of simultaneous connections by IP
LimitConnectionByUser <integer> Limit the number of simultaneous connections by user
LogFile <path> Allows to change the file of log
LogSyslog false/true Write log to syslog
MaxOpenFilesForUser <integer> Limit maximum opening files simultaneously
MaxReadFilesForUser <integer> Limit maximum reading files simultaneously
MaxWriteFilesForUser <integer> Limit maximum writing files simultaneously
MaximumRights <unix rights> Set a maximum rights on new files and folders created (unix rights format)
MinimumRights <unix rights> Force minimum rights for new files and new directories (unix rights format)
ResolveIP false/true Resolve IP address from DNS
SftpProtocol <integer> Force the SFTP protocol version
Shell <path> Specify a Shell path to allow users to have a real shell
ShowLinksAsLinks false/true See symbolic links as true files or folders
StayAtHome false/true Restrict user to stay in its home directory and subdirectories
Upload x(units) Upload bandwidth by connected user
VirtualChroot false/true Chroot users in their Home directory
CallbackDownload <shell command> Call a command when download completes
CallbackUpload <shell command> Call a command when upload completes

4.1.3. Deprecated tags

Those tags are deprecated and don’t work anymore!

Tags Values Summary
CanRemoveDir false/true Allow to remove directories
CanRemoveFile false/true Allow to remove files
GMTTime <+/-><integer> Adjusts the clock of the log
HideFiles <regex> Hide files / directories that you want using a regular expression (regex)
PathAllowFilter <regex> Restricted access to files / directories using regular expression (regex)
PathDenyFilter <path> Do not authorize files/directories which match with the regular expression