Re: Domain User restrictions - Windows server 2012 R2

[L A Walsh <cygwin at tlinx dot org>]

On 2019/07/03 10:01, Bill Stewart wrote:
> On Wed, Jul 3, 2019 at 2:41 AM Bergbauer, Daniel AVL/DE vwrote:
>
>   
>> What I want now is, to restrict every user, who connects to the server via ssh, to its home folder /home/'username' == C:\projects\'username'
>>     

I don't know if this would work or be easy, but you could add everyone
to a special group, say 'cygmake', then use windows permission
to disallow access to directories they shouldn't be able to enter
using a windows "deny" entry.

You might have to play with it a bit, since you want them to have execute
access to the windows binaries, but maybe not read(?)  Never tried that
before,
but if that works...might solve your problem.

Also, for their individual directories, you might want them only readable
by the user themselves -- so no other users can read it.

It's not ideal, since it involves changing permissions everywhere you don't
want them going, but at least, it has the benefit of being limited to
the 1 group you'd have to restrict.

I feel like I'm lacking sufficient expertise in windows to come up with a
good solution -- maybe asking the question in a windows forum about how
to do the equivalent of chroot or restricting them to their directory and
some list of windows directories?

good luck!


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple