Sharing With External Vendors
Overview
SFTP Gateway v3.x has a folder management feature that makes it easier to share files between SFTP users.
This article walks you through configuring a common scenario that we call the "external vendor scenario".
External vendor scenario
Let's say you have multiple SFTP users external to your organization, which we'll call "external vendors". These external vendors are not allowed to see each other's files.
You also have an internal manager who needs read/write access to each external vendor's folder. This internal employee needs to access files via an SFTP client such as FileZilla. This user is not permitted to use SSH or the Google Cloud console as a workaround.
This sharing scenario can be implemented using SFTP Gateway's folder management feature.
Configuration for external vendors
To configure the external vendors, just create each SFTP user with default values.
By default, SFTP users are chrooted in the following path on the default cloud connection:
/users/username/
After creating a few accounts, you should see the folder structure:
/
|--users/
   |--vendor1/
   |--vendor2/
   |--vendor3/
Each SFTP user is chrooted in their respective folder, and cannot traverse to the parent users directory.
Configuration for internal manager
For the internal manager, you want to point their chroot directory to the /users/ folder.
/
|--users/ <-- internal-manager is chrooted here
   |--vendor1/
   |--vendor2/
   |--vendor3/
The internal manager will have read/write access to the /users/ directory, as well as everything nested within (including the vendor chroot directories).
This is the folder structure from the perspective of the internal manager when connecting via SFTP:
/
|--vendor1/
|--vendor2/
|--vendor3/
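A way to audit the chroot layout described above, as an added example that is not part of the original article or of SFTP Gateway itself. It models a chroot as simple path containment and reports which users can reach another user's folder; the CHROOTS mapping and all function names are assumptions made for illustration.

```python
import posixpath

# Constructed sample: SFTP user -> chroot directory, mirroring this page's
# scenario. Copy the real values from your own user settings; this script
# does not call SFTP Gateway.
CHROOTS = {
    "vendor1": "/users/vendor1/",
    "vendor2": "/users/vendor2/",
    "vendor3": "/users/vendor3/",
    "internal-manager": "/users/",
}


def backend_path(chroot, client_path):
    """Model of a chroot: map a path typed in the SFTP client to a backend path.

    The client path is normalised against "/" first, so ".." stops at the
    chroot directory instead of climbing into the parent.
    """
    inside = posixpath.normpath(posixpath.join("/", client_path))
    return posixpath.normpath(chroot + "/" + inside)


def can_reach(chroot, target):
    """True if folder `target` is the chroot itself or nested below it."""
    root = posixpath.normpath(chroot).rstrip("/")
    target = posixpath.normpath(target)
    # Compare on a trailing "/" so /users/vendor1 does not match /users/vendor10.
    return target == (root or "/") or target.startswith(root + "/")


def audit(chroots):
    """Return {user: sorted names of other users whose chroot they can reach}."""
    return {
        user: sorted(name for name, other in chroots.items()
                     if name != user and can_reach(root, other))
        for user, root in chroots.items()
    }


def unexpected_access(chroots, managers):
    """Users outside `managers` who can reach another user's folder."""
    return {u: seen for u, seen in audit(chroots).items()
            if seen and u not in managers}


if __name__ == "__main__":
    for user, seen in audit(CHROOTS).items():
        print(f"{user}: {seen or 'isolated'}")
    print("unexpected:", unexpected_access(CHROOTS, {"internal-manager"}))
```

Running the audit after every user change catches the case where a vendor account is accidentally given the /users/ chroot intended for the internal manager.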
Video example
For more information, we have a video that walks through setting up this scenario.