prevent user from deleting .ssh/authorized_keys file

We have setup an Ubuntu server for the purpose of provide SFTP accounts for a number of users. Each user has an account and can upload files to their respective home directories. We are using vsftpd and key pairs. The users do not have SSH access.

The issue I'm having is that I'd like to prevent users from modifying or deleting the authorized_keys file in their /home/user/.ssh directory.

Ideally, we'd prefer that they not see or modify these files and directories, all under the /home/user directory:

.bash_logout
.bashrc
.profile
.ssh

And instead, they would only access the /home/user/files directory.

Any suggestions on how to accomplish this?

Thanks.
TrinitySEMAsked:
Who is Participating?
 
LuxanaConnect With a Mentor Commented:
Hi,

make your files immutable. Check this example:

$ echo test > file1
$ cat file1 
test
$ su
Password:  
# chattr +i file1 
# exit
$ cat file1 
test
$ rm file1 
rm: remove write-protected regular file `file1'? y
rm: cannot remove `file1': Operation not permitted

Open in new window


From the above you can see that user still can read this file but will not be able to modify it or remove it.

hope this helps...
0
 
ozoCommented:
rbash
0
 
TrinitySEMAuthor Commented:
Thank you. That worked.

One issue is that I created a test file with the root user account and now that user can't delete the file. Any thoughts on how to remove?

Thanks again.
0
 
LuxanaCommented:
as  root change ownership of this file:

chown username.username /home/username/file
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.