Creating A SFTP Account

Ok so, i want to create a SFTP account, that has access to edit/delete/move/upload/download files inside its homefolder and to all the other files/folders that are inside the homefolder.
The account should not be able to go back from the homefolder, like if the home folder is /home/servers it cannot go back to /home..
And the account should not be able to login to SSH.


Similar Content



Making A FTP/SFTP

Ok so, i want to create a SFTP/FTP account, that has access to edit/delete/move/upload/download files inside its homefolder and to all the other files/folders that are inside the homefolder.
The account should not be able to go back from the homefolder, like if the home folder is /home/servers it cannot go back to /home..
And the account should not be able to login to SSH.
Please help me.. i need to get this working...
I'm using CentOS 6.6 64bit
I've followed multiple tutorials, none of them have worked.

Why Vsftp Can Do It, But Openssh Sftp Cannot ? (chroot)

Dear all,

This is long story cut short, with vsftp, if i set this parameters in the vsftp.conf file below

Code:
local_enable=YES
chroot_local_users=YES

I am able to login to the ftp account, see and list my home/user directory, and if i do a cd / or cd .. , i will still be chroot to my /home/user directory.

without, the need to chmod or or chown anything to my /home/user directory

=============================================

With openSSH, internal_sftp, even though I have set the sshd_conf to

Code:
Match user alankoh
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory /home/%u

I will need to change owner my /home/user directory to have root becomes it owner.
============================================

Q1) why this difference ? How does vsftp chroot without changing the /home/user folder ownership ?

Q2) i realize that openssh ChrootDirectory parameter causes my default login directory to be set as that of the parameter.
(e.g. if i set to "/whatever/xyz", i will be brought to that /whatever/xyz everytime i login to the sftp instead of my /home/user folder.

Why ? I thought that ChrootDirectory is just a security measure to specify the directory to go to in case the user cd to root (e.g. cd /), else not, i should still go to my /home/user folder everytime i login to sftp.

Regards,
Noob

Sftp User Unable To See Mounted --bind Directories. Works With Vsftpd Via Ftp

Is there an sftp package that can be used which is more flexible then the ssh internal ftp server. I have been tasked with providing an /srv/ftp/ directory which includes

mount -bind other_directory1 /srv/ftp/d1
mount -bind other_driectory2 /srv/ftp/q2

...etc

Since sftp via ssh demands that all directories be owned by root I have a problem. The 'other directories' are owned by different sets of groups. We have engineers who will have carte blanche access. I have another group 'manufacturing' who will need to be chrooted to /var/ftp/. They will need to see directories underneath /var/ftp/ and nothing else. We don't want them to be able to cd to any other part of the system. Manufacturing does not have any account on the machine. My last group sales has an account on the server. I have been able to chroot them to there home folder where they also have the same mount --binded directories. Management would like sales to be able to ftp as well as sftp with read only access to the sub directories under their home directory. It is allowable to have them sftp to /srv/ftp/ and ftp to /home/sale/. I would suppose that this may mean that I use a different tool to implement sftp rather then use ssh. Here are my setup files for ssh

Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
UseDNS no
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
UseLogin yes
Banner /etc/issue.net
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM no

Match group ftpgroup
ChrootDirectory /srv/ftp
X11Forwarding no
AllowTcpForwarding no
ForceCommand /usr/lib/openssh/sftp-server
PasswordAuthentication yes

Can't Access Admin Account

I just created a Guest user account. When I rebooted, it went right into the Guest Account, without allowing me to choose and log in to the admin account. I tried Login Window and New Login in Administration panel. I tried Logout, but nothing happened when trying.

Understanding Configuration Files Better

Hey, I'm aware that /etc/ stores config files and in my home directory I also have dot files as well as a .config folder.

And I'm told not to edit /etc/ but create a copy in my home directory to preserve original files. Is it as simple as creating the full path the same as /etc/ and editing it in home folder?

Ideally this is how I hope it works, because I don't want to edit /etc/ and end up with a bunch of custom, non default files.

Nobody User Account Passwd Shows Expired

A few of my servers show that this user id has expired.

I know that this is the name of a user account and group account and if I check out /etc/passwd there is an entry under /sbin/nologin. And, if I check under say top -u nobody, I don't see anything running for that user account. However that is the extent of my knowledge on this user account.

Should I be concerned that the passwd for this account is expired or are there cron jobs/programs that rely on this account?

thanks

Chgrp Not Changing A File?

Hello,

OS: CentOS 6.3

Background:
I'm trying to set up a situation where my FTP account is in a group where my phpbb forums were created. This will allow me to upload changes as I customize my forums (ie: .css files). However, right now, my problem is that I'm running into invalid permissions and the only way to move the files is to upload the file to a directory my FTP account has access too and then sudo cp the file over. Upon closer inspection of my files, it appears the groups the files have been made under are not the correct group.

Problem:
I am trying to use chgrp on a specific file to change the group owner to the group my FTP account is a member of but it does not seem to be working. Here is a snippet of what I'm doing:

Code:
zzz@aaaa:/var/www/html/yyy/forums/styles/GlossyBlack/theme]$ sudo chgrp apache colours.css -v
group of `colours.css' retained as apache
zzz@aaaa:/var/www/html/yyy/forums/styles/GlossyBlack/theme]$ ls
total 164
drwxr-xr-x 3 5645316 apache  4096 Mar 27 15:11 .
drwxr-xr-x 6 5645316 apache  4096 Nov 18  2012 ..
-rw-r--r-- 1  root     apache 23480 Mar 27 19:05 colours.css

I'm not sure why it still says root so I suspect I am doing something incorrect. When looking around, at first it seemed chgrp could change group owner on files but as I dug more, it seemed it can also change groups themselves. So I'm a little confused and require some clarity of experts.

I hope changing the group owner of this file will give access to my FTP account so I can apply this change to all needed locations.

Thanks.

Hidden Folders And Files Become Viewable In Home Directory

Hi guys,
.
For no apparent actions from me, hidden folders and files show
in my /user/home directory, they are as follows:-

folders:
.adobe .cache .config .cups .filezilla .gimp-2.8 .gnupg .gphoto .gstreamer-0.10 .icedtea .java .local .macromedia .mozilla .pki .thumbnails

Files:
.bash_history .bashrc .esd_auth .ICEauthority

In my / directory
File: ./readahead

Seeking help to verify the above folder and files are not from a harmful source or application?

If they do not post any thread to the system, how can I conceal
these folders and files, so that they don't show up any more in
my home and / directory ?

Many thanks.

Mint KDE Instalation And Lost Files

Some weeks ago I installed Linux Mint 17.1 Cinamin. Yesterday I installed 17.1 KDE. Now I have an home directory with empty set of user folders. I did find all of my files under devices 129.0 GiB Hard drive, including the old Home folder. How do I get my old files back to where I can use them?

Creating Icedove Email Account - What's Going On?

I have Debian 7.7 and have just installed Icedove email client.
I want to create a free email address so I can have a new email account.

When I launch Icedove, I get a window saying 'Would you like a new email address?'
It then offers a search button for email addresses. Why? If I create an address it will need to be unique - so there's nothing for it to find.
Also, I input an email address I want and it seemed to be saying that the propietary host server (in this case gandi.net) wanted �4 ($6) for the account.

Can someone please say a little more about Icedove? Believe me, there is little to learn from Youtube and the internet.