User Permissions: read/write to ONLY their own dataset via ssh

martin2380

Hello,

I'm evaluating TrueNAS SCALE as my ransomware-secure backup box.
The box will only be accessible via SSH and is physically in another location.
I would prefer that the backup server pulls the backups from the clients, but there are a few machines that won't be accessible from outside. For them, I will provide an SSH user for every client machine that should only have access to its dedicated dataset.
I was able to do that by setting the owner of the datasets to the client user and disabling read/write/execute for "others".
But the client users still have read access to directories like /etc, /var, etc.

tl;dr:
I want a user "client1" with SSH credentials to have read/write access to only the dataset /mnt/tank/client1, without having any rights for other directories.
Is it possible to disable even read rights to those directories for client users?

Best Regards
Martin
 

anodos

Sambassador
iXsystems
If they only need to read / write files, then you can probably create an sftp chroot for them via auxiliary parameters in the ssh config. Some care will be needed in setting it up so that your users / groups / permissions are correct (and also that you don't break SSH access), but in principle it shouldn't be different than doing the same on a plain Linux server.
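
An added example, not part of the post above or of TrueNAS: a pre-flight check for the permission care that an sftp chroot needs, since sshd only accepts a `ChrootDirectory` whose every path component is a root-owned directory not writable by group or others. The `Match` block in the comments, the user `client1` and the path `/mnt/tank/client1` are assumptions taken from the question, and `stat -c` assumes GNU stat.

```shell
#!/bin/sh
# Added example, not from the thread. Auxiliary sshd parameters it assumes:
#   Match User client1
#       ChrootDirectory /mnt/tank/client1
#       ForceCommand internal-sftp
#       AllowTcpForwarding no
# sshd rejects the login unless every component of ChrootDirectory is a
# root-owned directory that group and others cannot write to.

# Print "uid octal-mode type" for a path (GNU stat, symlinks followed).
stat_of() { stat -L -c '%u %a %F' -- "$1" 2>/dev/null; }

# Check one path component. Function bodies are subshells "( )", so their
# variables stay local and "exit" only leaves the function.
check_component() (
    path=$1
    set -- $(stat_of "$path")          # $1=uid  $2=mode  $3=type
    [ -n "$1" ] || { echo "$path: cannot stat"; exit 1; }
    [ "$3" = directory ] || { echo "$path: not a directory"; exit 1; }
    [ "$1" = 0 ] || { echo "$path: owned by uid $1, must be root"; exit 1; }
    [ $(( 0$2 & 022 )) -eq 0 ] ||
        { echo "$path: mode $2 is group/other writable"; exit 1; }
)

# check_chroot_path PATH: status 0 if every component of PATH passes the
# rule above, 1 otherwise (the first offending component is printed).
check_chroot_path() (
    case $1 in /*) ;; *) echo "$1: must be an absolute path"; exit 1 ;; esac
    check_component / || exit 1
    rest=${1#/} cur=
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue     # skip empty parts ("//", trailing "/")
        cur=$cur/$part
        check_component "$cur" || exit 1
    done
)

# Stand-alone use: sh check_chroot.sh /mnt/tank/client1
if [ "$#" -gt 0 ]; then check_chroot_path "$1"; fi
```

A dataset whose owner was changed to the client user fails this check, so in that layout the chroot has to be a root-owned directory and the client's writable directory sits below it.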
 

martin2380

I will try this later. But as far as I know, rsync requires an actual shell. Won't the shell be able to cd into other directories?
 