Hi all,
I'm seeking an efficient and secure means of providing multiple named users access to files by their functional areas. For security, I've chosen SFTP using key pair authentication.
The general principle is we have multiple users as follows:
- We have two types of files for Function A and Function B
- Users A and B in Team X can get/put both Function A files and Function B files
- Users C and D in Team Y can get/put only Function A files
- Users E and F in Team Z can get/put only Function B files
Directory structure would be:
../Files/FunctionA
../Files/FunctionB
I want to ensure users A and B can access all files, so I was thinking their home directory would be Files and they'd be a member of groups FunctionA and FunctionB.
The other users would be members of the appropriate group and their home directory would be the equivalent directory.
I'd imagine using a chroot jail to limit access if necessary?
Considering the need to create .ssh directories, I'm just a bit unsure if this is heading the right way design-wise or whether there are better ways to do this without compromising security.
SFTP file server not available yet so just thinking through the approach - any thoughts/suggestions welcome!
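
One way to express the layout described in the post with OpenSSH, as an added example that is not part of the original post: a single chroot at Files, group-owned function directories, and public keys held outside the chroot so no per-user .ssh directory is needed. The base path /srv/sftp, the key directory /etc/ssh/sftp_keys and the group names sftpusers, functiona and functionb are assumptions.

```conf
# /etc/ssh/sshd_config fragment (constructed example; paths and group names
# are assumptions, not taken from the original post)

# Filesystem layout this fragment expects:
#   /srv/sftp                   root:root       0755
#   /srv/sftp/Files             root:root       0755  chroot root
#   /srv/sftp/Files/FunctionA   root:functiona  2770  setgid: new files inherit the group
#   /srv/sftp/Files/FunctionB   root:functionb  2770
#   /etc/ssh/sftp_keys          root:root       0755
#   /etc/ssh/sftp_keys/<user>   root:root       0644  one public key per line
#
# Group membership:
#   Users A, B (Team X): sftpusers, functiona, functionb
#   Users C, D (Team Y): sftpusers, functiona
#   Users E, F (Team Z): sftpusers, functionb

# Use the in-process SFTP server so the chroot needs no binaries or libraries.
Subsystem sftp internal-sftp

Match Group sftpusers
    # Every component of this path must be a root-owned directory that is not
    # writable by group or others, otherwise sshd refuses the login. That is
    # why the writable directories sit one level below the chroot root.
    ChrootDirectory /srv/sftp/Files

    # SFTP only, no shell. Umask 0007 keeps new files group read/write and
    # closed to everyone else.
    ForceCommand internal-sftp -u 0007

    # Keys are read from a root-owned file outside the chroot, so users
    # cannot add or change their own keys and no .ssh directory is created.
    AuthorizedKeysFile /etc/ssh/sftp_keys/%u
    AuthenticationMethods publickey

    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
    PermitTTY no
```

With this layout Teams Y and Z can see that the other function directory exists but cannot list or open it, because mode 2770 gives no access to non-members. Running `sshd -t` after editing checks the file for syntax errors before the service is reloaded.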