Making A FTP/SFTP

Ok so, i want to create a SFTP account, that has access to edit/delete/move/upload/download files inside its homefolder and to all the other files/folders that are inside the homefolder.
The account should not be able to go back from the homefolder, like if the home folder is /home/servers it cannot go back to /home..
And the account should not be able to login to SSH.

Dear all,

This is long story cut short, with vsftp, if i set this parameters in the vsftp.conf file below

Code:

local_enable=YES
chroot_local_users=YES

I am able to login to the ftp account, see and list my home/user directory, and if i do a cd / or cd .. , i will still be chroot to my /home/user directory.

without, the need to chmod or or chown anything to my /home/user directory

=============================================

With openSSH, internal_sftp, even though I have set the sshd_conf to

Code:

Match user alankoh
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory /home/%u

I will need to change owner my /home/user directory to have root becomes it owner.
============================================

Q1) why this difference ? How does vsftp chroot without changing the /home/user folder ownership ?

Q2) i realize that openssh ChrootDirectory parameter causes my default login directory to be set as that of the parameter.
(e.g. if i set to "/whatever/xyz", i will be brought to that /whatever/xyz everytime i login to the sftp instead of my /home/user folder.

Why ? I thought that ChrootDirectory is just a security measure to specify the directory to go to in case the user cd to root (e.g. cd /), else not, i should still go to my /home/user folder everytime i login to sftp.

Regards,
Noob

Is there an sftp package that can be used which is more flexible then the ssh internal ftp server. I have been tasked with providing an /srv/ftp/ directory which includes

mount -bind other_directory1 /srv/ftp/d1
mount -bind other_driectory2 /srv/ftp/q2

...etc

Since sftp via ssh demands that all directories be owned by root I have a problem. The 'other directories' are owned by different sets of groups. We have engineers who will have carte blanche access. I have another group 'manufacturing' who will need to be chrooted to /var/ftp/. They will need to see directories underneath /var/ftp/ and nothing else. We don't want them to be able to cd to any other part of the system. Manufacturing does not have any account on the machine. My last group sales has an account on the server. I have been able to chroot them to there home folder where they also have the same mount --binded directories. Management would like sales to be able to ftp as well as sftp with read only access to the sub directories under their home directory. It is allowable to have them sftp to /srv/ftp/ and ftp to /home/sale/. I would suppose that this may mean that I use a different tool to implement sftp rather then use ssh. Here are my setup files for ssh

Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
UseDNS no
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
UseLogin yes
Banner /etc/issue.net
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM no

Match group ftpgroup
ChrootDirectory /srv/ftp
X11Forwarding no
AllowTcpForwarding no
ForceCommand /usr/lib/openssh/sftp-server
PasswordAuthentication yes

Hey, I'm aware that /etc/ stores config files and in my home directory I also have dot files as well as a .config folder.

And I'm told not to edit /etc/ but create a copy in my home directory to preserve original files. Is it as simple as creating the full path the same as /etc/ and editing it in home folder?

Ideally this is how I hope it works, because I don't want to edit /etc/ and end up with a bunch of custom, non default files.

Hello,

OS: CentOS 6.3

Background:
I'm trying to set up a situation where my FTP account is in a group where my phpbb forums were created. This will allow me to upload changes as I customize my forums (ie: .css files). However, right now, my problem is that I'm running into invalid permissions and the only way to move the files is to upload the file to a directory my FTP account has access too and then sudo cp the file over. Upon closer inspection of my files, it appears the groups the files have been made under are not the correct group.

Problem:
I am trying to use chgrp on a specific file to change the group owner to the group my FTP account is a member of but it does not seem to be working. Here is a snippet of what I'm doing:

Code:

zzz@aaaa:/var/www/html/yyy/forums/styles/GlossyBlack/theme]$ sudo chgrp apache colours.css -v
group of `colours.css' retained as apache
zzz@aaaa:/var/www/html/yyy/forums/styles/GlossyBlack/theme]$ ls
total 164
drwxr-xr-x 3 5645316 apache  4096 Mar 27 15:11 .
drwxr-xr-x 6 5645316 apache  4096 Nov 18  2012 ..
-rw-r--r-- 1  root     apache 23480 Mar 27 19:05 colours.css

I'm not sure why it still says root so I suspect I am doing something incorrect. When looking around, at first it seemed chgrp could change group owner on files but as I dug more, it seemed it can also change groups themselves. So I'm a little confused and require some clarity of experts.

I hope changing the group owner of this file will give access to my FTP account so I can apply this change to all needed locations.

Thanks.

Hi guys,
.
For no apparent actions from me, hidden folders and files show
in my /user/home directory, they are as follows:-

folders:
.adobe .cache .config .cups .filezilla .gimp-2.8 .gnupg .gphoto .gstreamer-0.10 .icedtea .java .local .macromedia .mozilla .pki .thumbnails

Files:
.bash_history .bashrc .esd_auth .ICEauthority

In my / directory
File: ./readahead

Seeking help to verify the above folder and files are not from a harmful source or application?

If they do not post any thread to the system, how can I conceal
these folders and files, so that they don't show up any more in
my home and / directory ?

Many thanks.

I just created a Guest user account. When I rebooted, it went right into the Guest Account, without allowing me to choose and log in to the admin account. I tried Login Window and New Login in Administration panel. I tried Logout, but nothing happened when trying.

Some weeks ago I installed Linux Mint 17.1 Cinamin. Yesterday I installed 17.1 KDE. Now I have an home directory with empty set of user folders. I did find all of my files under devices 129.0 GiB Hard drive, including the old Home folder. How do I get my old files back to where I can use them?

I have set up a SFTP which I can connect to, go to the right directory and read/write files to.

The full path is home/sftpuser/SFTP/Customer
The user "sftpuser" I am connecting with is in the group "ftpusers" which has read/write access.

That works fine.

Here is my sshd_config:
Code:

Match Group ftpusers ChrootDirectory /home/%u/
 ForceCommand internal-sftp
  AllowAgentForwarding no
  AllowTcpForwarding no
  X11Forwarding no

However, I made a samba share of the folder Customer, when I go to the IP adress on a Windows machine "\\10.0.0.1\" I can see the folder Customer, when entering it requests user/pass and afterwards gives an error: you have not the right permissions.

In Webmin:
Customer /home/sftpuser/SFTP/Customer Read/write to everyone

My smb.conf:
Code:

[global]
    syslog = 0
    log file = /var/log/samba/log.%m
    read raw = no
    write raw = no
    passdb backend = tdbsam
    workgroup = DOMAIN
    usershare allow guests = yes
    socket options = TCP_NODELAY
    pam password change = yes
    passwd program = /usr/bin/passwd %u
    unix password sync = yes
    obey pam restrictions = yes
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    server role = standalone server
    server string = %h server (Samba, Ubuntu)
    max log size = 1000
    map to guest = bad user
    panic action = /usr/share/samba/panic-action %d
    dns proxy = no



[Customer]
    force create mode = 755
    browsable = yes
    public = yes
    path = /home/sftpuser/SFTP/Customer
    force directory mode = 755
    writeable = yes
    valid users = @ftpusers
    force group = ftpusers
    write list = @ftpusers

I have been struggling for 3 days and am totally out of ideas.

LS -L for the folder:
Code:

total 4
drwxrwx---+ 2 sftpuser ftpusers 4096 Apr  9 11:35 Customer

Hello,

I am setting up a linux server for gaming and I am using a script to update the files automatically and create a folder with a certain name.

Code:

# !/bin/bash

# A convenience function, to save us some work
update_server() {
	# Read the app id and the directory into a variable

	APP_ID=$1
	DIR=$2

	# Create the directory ( if it does not exist already )
	if [ ! -d "$HOME/$DIR" ]; then
		mkdir -p "$HOME/$DIR"
	fi

	# Uh-oh, it looks like we still have no directory. Report an error.
	if [ ! -d "$HOME/$DIR" ]; then
		# Describe what went wrong
		echo "ERROR! Cannot create directory $HOME/$DIR!"

		# Exit with status code 1 ( which indicates an error )
		exit 1
	fi

	# Call SteamCMD with the app ID we provided and tell it to install
	./bin/steamcmd.sh +login anonymous +force_install_dir "$HOME/$DIR" +app_update $APP_ID validate +quit
}

# Now the script actually runs update_server ( which we just declared above ) with the id of the application ( 4020 is Garry's Mod ) and the name of the directory we want the server to be hosted from:

update_server 4020 "gmodserver"

exit 0

When I run this script, it creates 2 folders on my server : gmodserver and gmodserver? There is no files downloaded in gmodserver. All the files are downloaded in gmodserver?

I looked for a few hours on how to solve this problem but I have no idea what the added ? might be so I am lost as to what to look for. Could you help me on figuring this out?

Thank you.

edit : I am using ubuntu 15.04 x64 if it makes a difference.