Restructured the question to put the wording all up top and the technical detail below, so the question and details are not spread out so much. Helped make more clear what OP has done, is having trouble with on the configuration result, and is here to ask for help resolving.

How to restrict user access in AWS Transfer?

I'm trying to set up AWS Transfer to host multiple user accounts like:

/my-bucket/<username>

I want to prevent users from being able to see each other's data.

I have a base role of:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::my-bucket"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::my-bucket/*"
        }
    ]
}

And a down-scoping role of:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListHomeDir",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::${transfer:HomeBucket}/${transfer:UserName}"
        },
        {
            "Sid": "AWSTransferRequirements",
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation"
            ],
            "Resource": "*"
        },
        {
            "Sid": "HomeDirObjectAccess",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObjectVersion",
                "s3:DeleteObject",
                "s3:GetObjectVersion"
            ],
            "Resource": "arn:aws:s3:::${transfer:HomeDirectory}*"
        }
    ]
}

This is not what I want because users are still able to move about in the bucket.

I saw something about doing a chroot, but I'm using Transfer users; is it possible to use chroot in that context?
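AWS Transfer's equivalent of a chroot is a logical home directory (HomeDirectoryType LOGICAL with a HomeDirectoryMappings entry mapping "/" to the user's folder), and the IAM side of the restriction is the scope-down policy; the key detail is that s3:ListBucket is evaluated against the bucket ARN, so the folder limit has to be an s3:prefix Condition rather than a key-style Resource. The following is an added example, not code from the question or from AWS: the corrected policy shape plus a toy evaluator that shows which requests it allows for a user. The bucket and user names, the render() substitution rules and the evaluator are assumptions; the ${transfer:*} variable names are AWS Transfer's own.

```python
import json
from fnmatch import fnmatchcase

# Corrected scope-down policy. ListBucket is a bucket-level action, so its
# Resource is the bucket ARN and the folder limit lives in an s3:prefix
# Condition; object actions are limited to keys under the home directory.
# The question's AWSTransferRequirements statement is unchanged and omitted.
SESSION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListHomeFolderOnly",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::${transfer:HomeBucket}",
            "Condition": {"StringLike": {"s3:prefix": [
                "${transfer:HomeFolder}/*", "${transfer:HomeFolder}"]}},
        },
        {
            "Sid": "HomeDirObjectAccess",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject",
                       "s3:GetObjectVersion", "s3:DeleteObjectVersion"],
            # "/*" rather than "*": the bare "*" form would also match a
            # sibling prefix such as alice2/ for a user named alice.
            "Resource": "arn:aws:s3:::${transfer:HomeDirectory}/*",
        },
    ],
}

def render(policy, bucket, user):
    """Substitute the transfer:* variables (assumed: HomeDirectory = bucket/user)."""
    text = json.dumps(policy)
    for var, val in (("HomeBucket", bucket), ("HomeFolder", user),
                     ("UserName", user), ("HomeDirectory", f"{bucket}/{user}")):
        text = text.replace("${transfer:%s}" % var, val)
    return json.loads(text)

def allowed(policy, action, resource, prefix=""):
    """Toy allow-only evaluator: Action, Resource and any s3:prefix condition must all glob-match."""
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        prefixes = st.get("Condition", {}).get("StringLike", {}).get("s3:prefix", ["*"])
        if (any(fnmatchcase(action, a) for a in actions)
                and fnmatchcase(resource, st["Resource"])
                and any(fnmatchcase(prefix, p) for p in prefixes)):
            return True
    return False
```

Rendering the policy for the constructed user alice in my-bucket, a listing of alice/ and a GetObject under alice/ are allowed, while listing bob/ or the bucket root and reading bob/ or alice2/ keys are not.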