Azure SFTP ACL for local sftp account

zasin 15 Reputation points
2024-08-15T22:45:36.9466667+00:00

I need help with configuring an ACL for an SFTP local account down to the container and sub-folder level. Is there a way to accomplish this with Azure CLI or bash?

Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.

2 answers

  1. hossein jalilian 10,340 Reputation points
    2024-08-15T23:27:55.9466667+00:00

    Thanks for posting your question in the Microsoft Q&A forum.

    Configuring is possible, but there are some limitations and specific steps involved.

    Check that SFTP support is enabled for your Azure Blob Storage account. This requires that the hierarchical namespace feature is enabled in your storage account.

    You need to create local users for SFTP access. This can be done through the Azure portal under the SFTP settings. You can choose authentication methods such as password or SSH key pairs.

    You can set a home directory for each local user, which determines their default location upon connecting. This can help restrict their access to specific directories.

    Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful.


  2. Nehruji R 8,171 Reputation points Microsoft External Staff
    2024-08-16T07:50:55.5533333+00:00

    Hello zasin,

    Greetings! Welcome to Microsoft Q&A Platform.

    Yes, you can configure ACLs for an SFTP local account down to the container and sub-folder level using Azure CLI, Azure PowerShell or via Azure Portal and you can configure based on your required method.

    If you are referring to containers, you need to use ADLS Gen2 for more granular access. Access control lists (ACLs): ACLs give you the ability to apply a "finer grain" level of access to directories and files. An ACL is a permission construct that contains a series of ACL entries. Each ACL entry associates a security principal with an access level. To learn more, see Access control lists (ACLs) in Azure Data Lake Storage Gen2.

    Also refer - https://learn.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support, https://learn.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support-authorize-access?tabs=azure-cli.

    If you are referring to Azure File shares, please see: Configure directory and file level permissions over SMB: After you assign share-level permissions, you must first connect to the Azure file share using the storage account key and then configure Windows access control lists (ACLs), also known as NTFS permissions, at the root, directory, or file level. While share-level permissions act as a high-level gatekeeper that determines whether a user can access the share, Windows ACLs operate at a more granular level to control what operations the user can do at the directory or file level.

    Similar thread for reference - https://learn.microsoft.com/en-us/answers/questions/1290110/setting-up-sftp-with-windows-vm-azure-file-share?source=docs

    Hope this answer helps! Please let us know if you have any further queries. I'm happy to assist you further.

    Please "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

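The steps from the answers above (enable SFTP on a hierarchical-namespace account, create a local user, set its home directory) scripted with Azure CLI, as an added example that is not from either answer. All account, group, user and container names are constructed placeholders, and the functions only print the `az` commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example. DRY_RUN=1 (default) prints each az command instead of running it.
DRY_RUN="${DRY_RUN:-1}"

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# enable_sftp ACCOUNT RESOURCE_GROUP
# The storage account must already have hierarchical namespace enabled.
enable_sftp() {
  run az storage account update --name "$1" --resource-group "$2" --enable-sftp true
}

# scope_container HOME_DIR PERMS -> prints the container the scope must name.
# HOME_DIR is "container" or "container/sub/folder"; PERMS is a subset of
# r(ead) w(rite) d(elete) l(ist) c(reate).
scope_container() {
  home="$1"; perms="$2"
  case "$home" in
    ""|/*|*/|*//*) echo "bad home directory: $home" >&2; return 1 ;;
  esac
  case "$perms" in
    ""|*[!rwdlc]*) echo "bad permissions: $perms" >&2; return 1 ;;
  esac
  container="${home%%/*}"
  # Container names: 3-63 chars, lowercase letters, digits, single hyphens.
  case "$container" in
    *[!a-z0-9-]*|-*|*-|*--*) echo "bad container: $container" >&2; return 1 ;;
  esac
  if [ "${#container}" -lt 3 ] || [ "${#container}" -gt 63 ]; then
    echo "bad container length: $container" >&2; return 1
  fi
  printf '%s\n' "$container"
}

# create_sftp_user ACCOUNT RESOURCE_GROUP USER HOME_DIR PERMS PUBLIC_KEY
# Key-only login; the scope is derived from HOME_DIR so the two cannot drift.
create_sftp_user() {
  scoped="$(scope_container "$4" "$5")" || return 1
  run az storage account local-user create \
    --account-name "$1" --resource-group "$2" --name "$3" \
    --home-directory "$4" \
    --permission-scope "permissions=$5" service=blob "resource-name=$scoped" \
    --ssh-authorized-key "key=$6" \
    --has-ssh-key true --has-ssh-password false
}
```

The permission scope is granted on the container, and the home directory is only where the session starts, so a user can still reach other paths in that container that the scope allows. Giving each SFTP user a separate container keeps them isolated by scope alone.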
