In sftp, set a specific user to read-only priveleges

[True_Blue]

I have SSH enabled, and a user can log in and download or upload files using SFTP. I'd like to prevent them from being able to delete any of the files on the system, but I don't see an easy way to do this. I kind of see how it can be done with FTP, but I don't want to use FTP, I want to use SFTP. Right now, the permissions for my Volume is to allow everyone to do everything, so that over the network any of my computers can log on and make changes. I believe all of my Windows 7 machines are connecting to the Share anonymously.

If I wanted to limit a user to only read-only, would I have to have all of the Windows 7 machines connect up to the share through an actual user, and then set the permission of the Volume to have Write access only within the group or owner of the user I want? Then the seperate user who has only sftp access, wouldn't be able to write because they wouldn't be the owner or within the group.

That sounds like it would work to me, but I may be wrong. I was hoping there was an easier way to do this.

 

[dfsooner]

I have a similar problem. I want remote access by remote users through SFTP to almost all data on all volumes. However, I want access by all of them to be read-only. In essence, I want privileges assigned to a user, not the volumes. I have three storage volumes spread across 24 drives that each contain a number of ZFS datasets. I have not been able to figure out how to keep the remote users at bay while still having full access personally.

I have a Synology server as well, and with it I can fully control what privileges each user has for any application or volume.

I find the access privileges scheme on FreeNAS to be very confusing and limiting. Can anyone here enlighten me?