EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Restricting Folder Access for SFTP Server

Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.
Posted: 05/27/2009 15:18:05
by Michael Philbrick (Standard support level)
Joined: 05/27/2009
Posts: 5

I am creating an SFTP Server and only the SFTP clients I create will have access to it. However, for additional security purposes, I would like set the default folder and restrict which folders can be accessed from the server side.

Currently when I run the SFTP client demo it shows the contents of the entire root (C:) folder of the server. How do I get it to start at a different level or even a mapped drive?


C: drive
SFTP Folder
Program Files

At this point the client must navigate to the SFTP Folder directory and then to either Uploads or Downloads. Is there a way that the server displays the SFTP Folder as the "root" so that only the Uploads and Downloads folders appear in the listing? Also, I would like to restrict access to other folders so that it appears that the Uploads and Downloads folders are the entire contents of the drive.

I hope this makes sense. Thanks.
Posted: 05/28/2009 00:05:07
by Eugene Mayevski (EldoS Corp.)

The server component itself doesn't access any files. It's the code of the demo application, that does. So you need to modify this code to restrict access or add path translation or do whatever else you need. I can't point you at exact code location as I don't have code near me, but you should start from looking at TElSFTPServer event handlers. This is where the file operations are requested and performed.

Sincerely yours
Eugene Mayevski
Posted: 05/28/2009 00:30:06
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

You should take a look at ServerThread.pas.
There is a number of methods, which corresponds to SFTP functionality, and you should check them. The easiest way to restrict access to only one folder is to change method VirtualPathToReal - replace line
Result := 'C:' + virtualPath; with something like Result := 'C:\RestrictedFolder' + virtualPath;



Topic viewed 987 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!