SFTP Design

Hi all,

I'm seeking an efficient and secure means of providing multiple named users access to files by their functional areas. For security, I've chosen SFTP using key pair authentication.

The general principle is we have multiple users as follows:

  1. We have two types of files for Function A and Function B
  2. Users A and B in Team X can get/put both Function A files and Function B files
  3. Users C and D in Team Y can get/put only Function A files
  4. Users E and F in Team Z can get/put only Function B files

Directory structure would be:

../Files/FunctionA
../Files/FunctionB

I want to ensure users A and B can access all files, so I was thinking their home directory would be Files and they'd be members of groups FunctionA and FunctionB.

The other users would be members of the appropriate group and their home directory would be the equivalent directory.

I'd imagine using a chroot jail to limit access if necessary?

Considering the need to create .ssh directories, I'm just a bit unsure if this is heading the right way design-wise or whether there are better ways to do this without compromising security.

SFTP file server not available yet so just thinking through the approach - any thoughts/suggestions welcome!

mkdir /home/teamX
cd /home/teamX #home directory of users A and B
mkdir teamY      #home directory of users A
mkdir teamZ      #home directory of users B

Why have you chosen SFTP?

If you require PUT / GET operations on directories with user management, I would go HTTPS.
There are open and free solutions on multiple platforms offering REST API nowadays.

If you do use SFTP, be sure your users do not have a working shell and are chrooted.
As for the shared directory, you could use the mount bind option, if available.

There are other ways as well, depending on your operating system, which you should specify.

Hope that helps
Regards
Peasant.
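
The chroot and no-shell advice above, sketched for OpenSSH as an added example that is not part of the original thread. The group names, the /srv/sftp paths and the key location are assumptions; the audit function flags any Match block that chroots users without forcing the SFTP-only server.

```shell
#!/bin/sh
# Constructed sshd_config fragment; paths and group names are assumptions.
# Each ChrootDirectory must be root-owned and not group/world-writable, so the
# writable FunctionA/FunctionB directories are bind-mounted inside each chroot.
sample_config() {
cat <<'EOF'
Subsystem sftp internal-sftp
# Keys live outside the chroot, so no per-user .ssh directory is needed
AuthorizedKeysFile /etc/ssh/authorized_keys/%u

Match Group teamx
    ChrootDirectory /srv/sftp/teamX
    ForceCommand internal-sftp
    AllowTcpForwarding no

Match Group teamy
    ChrootDirectory /srv/sftp/teamY
    ForceCommand internal-sftp
    AllowTcpForwarding no

# Deliberately incomplete: chrooted, but nothing forces the SFTP-only server
Match Group teamz
    ChrootDirectory /srv/sftp/teamZ
EOF
}

# Read sshd_config text on stdin and print one line for every Match block
# that lacks ChrootDirectory or "ForceCommand internal-sftp".
audit_sftp_config() {
    awk '
    function report() {
        if (block == "") return
        if (!chroot) print block ": missing ChrootDirectory"
        if (!forced) print block ": missing ForceCommand internal-sftp"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    { key = tolower($1) }                      # sshd keywords are case-insensitive
    key == "match" { report(); block = $2 " " $3; chroot = 0; forced = 0; next }
    key == "chrootdirectory" { chroot = 1 }
    key == "forcecommand" && $2 == "internal-sftp" { forced = 1 }
    END { report() }
    '
}

sample_config | audit_sftp_config
```

Against a real server the same function can read the effective configuration, for example `sshd -T -C user=<name>` output per account, rather than the file itself.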