-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow configuration of multiple SFTP groups #216
Labels
Comments
@sean-nixon It sounds right to me to add support for deeper sftp configuration. As you suggested, we should keep it backwards compatible. Any PRs to make it happen are welcome. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
I am trying to reproduce an SFTP config with multiple groups with distinct configurations (chroot, AuthorizedKeysFile, etc.). We have a use case where we want org level users to have chroot set to the full ftp directory and "guest" users to use a sub-directory associated with their user. Right now the cookbook only supports a single SFTP group.
Describe the solution you'd like
Ideally, I'd a hash where each element would correspond to a group and have the related configurations beneath it. For backwards compatibility, it could be something like
default['ssh-hardening']['ssh']['server']['sftp']['extra-groups']
which defaults to nil and is appended to the main group config. So, for example, the attributes would be:would create the config:
Describe alternatives you've considered
I've considered as a workaround disabling SFTP in the attributes and using the generic "extras" config to manually place all of the config necessary for SFTP. I've yet to test this, but it is not ideal because it creates additional burden to maintain and secure that config and could break with future versions of the cookbook.
The text was updated successfully, but these errors were encountered: