Can we talk about the time a bad SFTP config took down our whole Chicago office?

I was prepping for a data migration at 3am and accidentally set the wrong directory permissions on our main file server, which locked out 200 users for 45 minutes. How do you all handle read-only access for vendors without risking something like this?

2 comments

2 Comments

james_ross20d ago

Amen. Chroot jails are a lifesaver for that exact scenario.

ryan_kim6320d ago

...and honestly, that's not quite how directory permissions work with SFTP in most setups. Usually the issue is more about chroot jails or parent directory write access, not the SFTP config itself. I'd look into using a dedicated SFTP-only user that's locked into a specific folder with group-based permissions. That way the vendor gets their read-only access without touching the main server settings at all. Just my two cents, but a separate user with a chroot jail and no shell access has saved me more than once from a similar 3am disaster.