diff --git a/README.md b/README.md
index a7bf69f..15f5fcb 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,7 @@ The following role variables are relevant:
 * `sftp_group_name`: The name of the Unix group to which all SFTP users must belong. Defaults to "sftpusers".
 * `sftp_directories`: A list of directories that need to be created automatically by default for all SFTP user. Defaults to a blank list (i.e. "[]").
 * Values can be plain strings, or dictionaries containing `name` and (optionally) `mode` key/value pairs.
+* `sftp_start_directory`: A directory that need to be part of sftp_directories values and that is the start directory of new sftp connection. Disable by default with an empty string value.
 * `sftp_allow_passwords`: Whether or not to allow password authentication for SFTP. Defaults to False.
 * `sftp_enable_selinux_support`: Whether or not to explicitly enable SELinux support. Defaults to False.
 * `sftp_enable_logging`: Enable logging. Auth logs will be written to `/var/log/sftp/auth.log`, and SFTP activity logs will be written to `/var/log/sftp/verbose.log`. Defaults to False.
diff --git a/defaults/main.yml b/defaults/main.yml
index 30fcca3..ef6e45d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,6 +2,7 @@
 sftp_home_partition: /home
 sftp_group_name: sftpusers
 sftp_directories: []
+sftp_start_directory: ''
 sftp_allow_passwords: False
 sftp_enable_selinux_support: False
 sftp_enable_logging: False
diff --git a/tasks/main.yml b/tasks/main.yml
index ad8241d..4d5d8dd 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -47,7 +47,7 @@
 ChrootDirectory %h
 AllowTCPForwarding no
 X11Forwarding no
- ForceCommand internal-sftp {{ sftp_enable_logging | ternary('-l VERBOSE', '') }}
+ ForceCommand internal-sftp {{ sftp_enable_logging | ternary('-l VERBOSE', '') }} {{ (sftp_start_directory in sftp_directories) | ternary('-d /' + sftp_start_directory, '') }}
 PasswordAuthentication {{ sftp_allow_passwords | ternary('yes', 'no') }}
 notify: SFTP-Server | Restart sshd
diff --git a/tests/test.yml b/tests/test.yml
index d5020ae..3f774f4 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -5,6 +5,7 @@
 sftp_directories:
 - test1
 - test2
+ sftp_start_directory: test1
 sftp_users:
 - name: user1
 password: ""
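Review bot: The membership test `sftp_start_directory in sftp_directories` on the new ForceCommand line only matches when `sftp_directories` holds plain strings; the README hunk in this same commit says entries may also be dictionaries with `name`/`mode` keys, and for those the test is false and the `-d` option is silently dropped, leaving the session in the chroot root with no error. A configuration mistake (a start directory missing from the list, or a typo) is swallowed the same way. I would move the validation into an explicit `assert` task ahead of this one that fails when `sftp_start_directory` is non-empty and not among the configured directory names (plain strings or their `name` keys), and reduce the template expression to `{{ sftp_start_directory | ternary('-d /' + sftp_start_directory, '') }}`, which is false for the documented empty-string default. The value is also interpolated unquoted into sshd_config, so a name containing whitespace would split the ForceCommand arguments; the role's own variables are presumably trusted, but that assert is the natural place to reject such names too. The enclosing task starts before this hunk.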
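Review bot: The new `sftp_start_directory: test1` only exercises the happy path where the start directory is a plain string present in `sftp_directories`; since the template in tasks/main.yml silently omits `-d` when its membership test fails, a scenario using a dictionary entry (`- name: test1`) or a value absent from the list is the one that would actually catch a regression. As written, a run where the option is dropped still passes, so a check on the rendered sshd_config (asserting the `-d /test1` fragment appears in the ForceCommand line) would make the test meaningful. The enclosing play begins outside this hunk.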