EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Restricting Folder Access for SFTP Server

Posted: 05/27/2009 15:18:05
by Michael Philbrick (Standard support level)
Joined: 05/27/2009
Posts: 5

I am creating an SFTP Server and only the SFTP clients I create will have access to it. However, for additional security purposes, I would like set the default folder and restrict which folders can be accessed from the server side.

Currently when I run the SFTP client demo it shows the contents of the entire root (C:) folder of the server. How do I get it to start at a different level or even a mapped drive?


C: drive
SFTP Folder
Program Files

At this point the client must navigate to the SFTP Folder directory and then to either Uploads or Downloads. Is there a way that the server displays the SFTP Folder as the "root" so that only the Uploads and Downloads folders appear in the listing? Also, I would like to restrict access to other folders so that it appears that the Uploads and Downloads folders are the entire contents of the drive.

I hope this makes sense. Thanks.
Posted: 05/28/2009 00:05:07
by Eugene Mayevski (Team)

The server component itself doesn't access any files. It's the code of the demo application, that does. So you need to modify this code to restrict access or add path translation or do whatever else you need. I can't point you at exact code location as I don't have code near me, but you should start from looking at TElSFTPServer event handlers. This is where the file operations are requested and performed.

Sincerely yours
Eugene Mayevski
Posted: 05/28/2009 00:30:06
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 442

You should take a look at ServerThread.pas.
There is a number of methods, which corresponds to SFTP functionality, and you should check them. The easiest way to restrict access to only one folder is to change method VirtualPathToReal - replace line
Result := 'C:' + virtualPath; with something like Result := 'C:\RestrictedFolder' + virtualPath;



Topic viewed 1074 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!