this question might sound specific but that is because I'm making my own ssh server (a company needs some specific thing) and it has SFTP but because the server is running as root, it's giving any user that uses the SFTP service access to everyting.

For the bash sessions, it's not a problem because I'm running them like so sudo -H -u $USER bash but the SFTP I'm using doesn't have user auth.

I was wondering how do SSH deals with this because I imagine that the default ssh server is also running as root but maybe the SFTP service that SSH uses allows for authentication.

I was thinking that every time a user logs in I can spawn another of my server but only for SFTP like this sudo -u $USER bash -c "my_server -sftponly" and then the SFTP server will only have access to that users files but I think it's overkill.

Libraries

golang.org/x/crypto/ssh

github.com/pkg/sftp

This question might sound specific but that is because I'm making my own ssh server (a company needs some specific thing) and it has SFTP but because the server is running as root, it's giving any user that uses the SFTP service access to everything.

For the bash sessions, it's not a problem because I'm running them like so

sudo -H -u $USER bash

but the SFTP I'm using doesn't have user authentication.

I was wondering how do SSH deals with this because I imagine that the default ssh server is also running as root but maybe the SFTP service that SSH uses allows for authentication.

I was thinking that every time a user logs in I can spawn another of my server but only for SFTP like this

sudo -u $USER bash -c "my_server -sftponly

and then the SFTP server will only have access to that users files but I think it's overkill.

Libraries

golang.org/x/crypto/ssh
github.com/pkg/sftp