Setfacl Help

I can't believe I wrote a looong message and it logged me out when I tried to submit it.

So anyway, in short lines:

- I have a network of sites where all sites share the same "images" folder
- I have created /home/_images/entities and symlinked it from all websites
- It works great with Apache, when I open /images/ on any of the sites I get a list of images and can view them

The problem is suPHP which changes process ID of the PHP script to the file owner ID, so when I load site1.com, all scripts are executed as user1 (and files/folders created with those scripts belong to user1:user1). When I load site2.com, all scripts are executed as user2 (and files/folders created with those scripts belong to user2:user2). All these users do NOT belong to the same group, and I wouldn't like to change that as it is cPanel/WHM server so I'm afraid I'll screw something up if I change (primary?) group of all users.

Therefore I need to set it up in such a way that all newly created folders and files under /home/_images/entities (owned by root) have read/write permissions for everyone.

Here's the command I used:

Code:
setfacl -Rdm o::rwx /home/_images/entities

To check it:
Code:
root@server1 [~]# getfacl /home/_images/entities/
getfacl: Removing leading '/' from absolute path names
# file: home/_images/entities/
# owner: root
# group: root
user::rwx
group::rwx
other::rwx
default:user::rwx
default:group::rwx
default:other::rwx

This looks fine, however when I try to upload an image via site1.com it looks like this:

Code:
root@server1 [/home/_images/entities]# ls -l
total 24
drwxrwxrwx+ 5 root    root    4096 Jan 14 06:25 ./
drwxrwxrwx  5 root    root    4096 Jan 12 13:08 ../
drwxrwxr-x+ 3 user1   user1   4096 Jan 14 06:25 1/

And in folder "1" is the image (and thumbs folder):

Code:
root@server1 [/home/_images/entities/1]# ls -l
total 236
drwxrwxr-x+ 3 user1   user1     4096 Jan 14 06:25 ./
drwxrwxrwx+ 5 root    root      4096 Jan 14 06:25 ../
-rw-rw-rw-  1 user1   user1   225569 Jan 14 06:25 689048f221ab7c556f4d482a9d92b2d6.jpg
drwxrwxr-x+ 2 user1   user1   4096 Jan 14 06:25 thumbs/

My questions:

1) Why do newly created folders not have "write" permissions for everyone else [not user and/or group]? If I upload the first image from site1.com, then I can't upload other images from any other site, while all sites can display them.

2) What is the + at the end of permissions list? (drwxrwxr-x+)

3) Why do newly created files have only "rw" permissions for user, group AND everyone else, and not execute permissions? I don't actually need the execute flag set here, but from my command you can see I've set "o::rwx" so it should be there (or not?)

Actually the real problem is #1 - other users can't write to this folder, so users can't upload images from other sites, nor can other sites create (missing) thumbnails.
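
The three questions above come down to how Linux applies a default ACL when an object is created, as described in acl(5). The following is an added example, not part of the original post: a small Python model of that rule, fed with the getfacl output from the post. The mode arguments 0775 (for mkdir) and 0666 (for files) are assumptions chosen to match the listings, since the upload script itself is not shown.

```python
import stat

# ACL of /home/_images/entities as printed by getfacl in the post.
GETFACL_OUTPUT = """\
# file: home/_images/entities/
# owner: root
# group: root
user::rwx
group::rwx
other::rwx
default:user::rwx
default:group::rwx
default:other::rwx
"""

BASE_ENTRIES = {("user", ""), ("group", ""), ("other", "")}


def perm_bits(text):
    """Convert 'rwx' / 'r-x' style text to a 3-bit integer."""
    return sum(bit for ch, bit in zip(text, (4, 2, 1)) if ch != "-")


def parse_default_acl(getfacl_text):
    """Return {(tag, qualifier): bits} for the 'default:' entries only."""
    acl = {}
    for line in getfacl_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments such as '#effective:'
        if line.startswith("default:"):
            _, tag, qualifier, perms = line.split(":")
            acl[(tag, qualifier)] = perm_bits(perms)
    return acl


def create_object(default_acl, mode_arg, is_dir, umask=0o022):
    """Model acl(5) object creation; return the mode string ls -l would show."""
    if not default_acl:
        # No default ACL on the parent: the umask trims the requested mode.
        mode, extended = mode_arg & ~umask & 0o777, False
    else:
        # Default ACL present: the umask is ignored. The new object inherits
        # the default ACL as its access ACL, then every class is limited to
        # the bits requested in the mode argument of mkdir()/open().
        access = dict(default_acl)
        group_class = ("mask", "") if ("mask", "") in access else ("group", "")
        access[("user", "")] &= (mode_arg >> 6) & 7
        access[group_class] &= (mode_arg >> 3) & 7
        access[("other", "")] &= mode_arg & 7
        mode = (access[("user", "")] << 6
                | access[group_class] << 3
                | access[("other", "")])
        # ls prints '+' when extended ACL data exists: named/mask entries in
        # the access ACL, or (directories only) an inherited default ACL.
        extended = is_dir or any(key not in BASE_ENTRIES for key in access)
    kind = stat.S_IFDIR if is_dir else stat.S_IFREG
    return stat.filemode(kind | mode) + ("+" if extended else "")


if __name__ == "__main__":
    acl = parse_default_acl(GETFACL_OUTPUT)
    # Assumed mode arguments (not shown in the post): 0775 for mkdir, 0666 for files.
    print(create_object(acl, 0o775, is_dir=True))
    print(create_object(acl, 0o666, is_dir=False))
    print(create_object(acl, 0o777, is_dir=True))
```

In this model the default ACL is only an upper bound: the mode argument of the creating call decides which bits survive, so a directory requested with 0775 ends up without write permission for others even though the default ACL grants it, and a file requested with 0666 never gets an execute bit.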


Similar Content



Script Not Getting Executed Via CRON

I have a small script1 scheduled via cron to run every 20 mins to invoke script2 if script2 is not running.
When I run script1 from the command line it works fine, but when it is scheduled via cron it doesn't work. Not sure what I am doing wrong here.
I even tried to use an absolute path.

Script 1
Code:
#!/bin/sh
/bin/ps -ef |/bin/grep script2.sh |/bin/grep -v $$ > /dev/null 2>&1
if [ $? -ne 0 ]
then
/usr/bin/nohup /home/user1/script2.sh &
fi

CRON LOG :
Feb 9 17:00:01 server1 crond[29771]: (user1) CMD (/home/user1/chk_script1.sh >/dev/null 2>&1)
Feb 9 17:20:01 server1 crond[21095]: (user1) CMD (/home/user1/chk_script1.sh >/dev/null 2>&1)
Feb 9 17:40:01 server1 crond[11218]: (user1) CMD(/home/user1/chk_script1.sh >/dev/null 2>&1)
Feb 9 18:00:01 server1 crond[29961]: (user1) CMD(/home/user1/chk_script1.sh >/dev/null 2>&1)

CRON JOB :
00,20,40 * * * * /home/user1/chk_script1.sh >/dev/null 2>&1

Normal Linux User Recursively Write Access To Apache Document Root

I tried adding two users to the apache group and gave 775 permission to the document root, but the user is not able to write to files in DocumentRoot.

I tried adding the user and the DocumentRoot folder to the sudo file, but I am not able to do it recursively.

Please help.


Thanks for the reply,
I have already given chmod 775 -R DocumentRoot for recursive write permission.
You told me to add the user to the www-data group and chmod 775 -R DocumentRoot:
usermod -a -G www-data <user1>

How can users in www-data write to DocumentRoot, which has apache:apache as owner and group?
Please clarify...

I did the steps below to solve this:
1) I created a new group webdata and added the required users to this group.
2) Set the sticky bit on the document root with the command below:
setfacl -m g:webdata:rwx -R /path/to/documentroot/
This command will set rwx permission on DocumentRoot so that members of webdata have full access, while the DocumentRoot user and group remain apache.

Setuid, Setgid, Sticky Bit

There's something really weird happening with permissions on a directory in linux. I have the directory /dir

Code:
ls -ld /dir
drwxrwxrwx. 2 root root 4096 Jan  8 00:06 dir
chmod 2777 /dir [this sets the setgid bit on]
ls -ld /dir
drwxrwsrwx. 2 root root 4096 Jan  8 00:06 /dir

And this is what I expect it to do.
However, when I change it to setuid (WITHOUT setgid), it simply doesn't work. Instead of overwriting, it accumulates:
Code:
chmod 4777 /dir [for setting setuid bit on]
drwsrwsrwx. 2 root root 4096 Jan  8 00:06 /dir

As you can see, the setgid bit is still on together with the setuid! However, if I run:
Code:
chmod -s /dir

then the file has a 0777 permission.

And then again, if I change its permission to 4777 (so setuid):
Code:
chmod 4777 /dir
drwsrwxrwx. 2 root root 4096 Jan  8 00:06 /dir

it acts normally. So the same chmod 4777 acts differently in two different contexts.

I really can't understand it. Basically, I cannot get rid of the setuid/setgid through binary permissions. The sticky bit works fine. Changing from 1777 to 0777 adds and removes "t" respectively. What am I to make of all this? This behaviour makes no sense, especially given that we can change the permissions to 6777 (setuid + setgid).

Chgrp Not Changing A File?

Hello,

OS: CentOS 6.3

Background:
I'm trying to set up a situation where my FTP account is in a group where my phpbb forums were created. This will allow me to upload changes as I customize my forums (i.e. .css files). However, right now, my problem is that I'm running into invalid permissions and the only way to move the files is to upload the file to a directory my FTP account has access to and then sudo cp the file over. Upon closer inspection of my files, it appears the groups the files have been made under are not the correct group.

Problem:
I am trying to use chgrp on a specific file to change the group owner to the group my FTP account is a member of but it does not seem to be working. Here is a snippet of what I'm doing:

Code:
zzz@aaaa:/var/www/html/yyy/forums/styles/GlossyBlack/theme]$ sudo chgrp apache colours.css -v
group of `colours.css' retained as apache
zzz@aaaa:/var/www/html/yyy/forums/styles/GlossyBlack/theme]$ ls
total 164
drwxr-xr-x 3 5645316 apache  4096 Mar 27 15:11 .
drwxr-xr-x 6 5645316 apache  4096 Nov 18  2012 ..
-rw-r--r-- 1  root     apache 23480 Mar 27 19:05 colours.css

I'm not sure why it still says root so I suspect I am doing something incorrect. When looking around, at first it seemed chgrp could change group owner on files but as I dug more, it seemed it can also change groups themselves. So I'm a little confused and require some clarity from experts.

I hope changing the group owner of this file will give access to my FTP account so I can apply this change to all needed locations.

Thanks.

Can't Access Samba Share

I have set up a SFTP which I can connect to, go to the right directory and read/write files to.

The full path is home/sftpuser/SFTP/Customer
The user "sftpuser" I am connecting with is in the group "ftpusers" which has read/write access.

That works fine.

Here is my sshd_config:
Code:
Match Group ftpusers
  ChrootDirectory /home/%u/
  ForceCommand internal-sftp
  AllowAgentForwarding no
  AllowTcpForwarding no
  X11Forwarding no

However, I made a samba share of the folder Customer. When I go to the IP address on a Windows machine "\\10.0.0.1\" I can see the folder Customer; when entering, it requests user/pass and afterwards gives an error: you have not the right permissions.

In Webmin:
Customer /home/sftpuser/SFTP/Customer Read/write to everyone

My smb.conf:
Code:
[global]
    syslog = 0
    log file = /var/log/samba/log.%m
    read raw = no
    write raw = no
    passdb backend = tdbsam
    workgroup = DOMAIN
    usershare allow guests = yes
    socket options = TCP_NODELAY
    pam password change = yes
    passwd program = /usr/bin/passwd %u
    unix password sync = yes
    obey pam restrictions = yes
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    server role = standalone server
    server string = %h server (Samba, Ubuntu)
    max log size = 1000
    map to guest = bad user
    panic action = /usr/share/samba/panic-action %d
    dns proxy = no



[Customer]
    force create mode = 755
    browsable = yes
    public = yes
    path = /home/sftpuser/SFTP/Customer
    force directory mode = 755
    writeable = yes
    valid users = @ftpusers
    force group = ftpusers
    write list = @ftpusers

I have been struggling for 3 days and am totally out of ideas.

LS -L for the folder:
Code:
total 4
drwxrwx---+ 2 sftpuser ftpusers 4096 Apr  9 11:35 Customer

New Fedora 21 Userid Cannot Start LibreOffice 4.3

I created a new user on my Fedora 21 system so I could demo Fedora and apps to coworkers without leaving my personal account exposed. After logging into the account I launched Firefox and verified connectivity without any problems. Then I launched LibreOffice and got the following nastygram:
Code:
 The application cannot be started. 
LibreOffice user installation could not be processed due to missing access rights. Please make sure that you have sufficient access rights for the following location and restart LibreOffice:

/home/fedorademo/.config/libreoffice/4 

This looks like a variation of the folders being owned by root but that isn't the case with this account as everything is owned by the new account.
Code:
 [fedorademo@tesseract ~]$ pwd
/home/fedorademo
[fedorademo@tesseract ~]$ cd .config
[fedorademo@tesseract .config]$ ll
total 80
<snip>
drwxrwxr-x. 3 fedorademo fedorademo 4096 Feb  9 20:12 libreoffice
<snip>
[fedorademo@tesseract .config]$ cd libreoffice
[fedorademo@tesseract libreoffice]$ ll
total 4
drwx------. 3 fedorademo fedorademo 4096 Feb  9 20:12 4
[fedorademo@tesseract libreoffice]$ cd 4
[fedorademo@tesseract 4]$ ll
total 4
drwxrwxr-x. 9 fedorademo fedorademo 4096 Feb  9 20:42 user
[fedorademo@tesseract 4]$ cd user
[fedorademo@tesseract user]$ ll
total 32
drwxrwxr-x. 2 fedorademo fedorademo 4096 Feb  9 20:42 autotext
drwxrwxr-x. 3 fedorademo fedorademo 4096 Feb  9 20:42 basic
drwxrwxr-x. 2 fedorademo fedorademo 4096 Feb  9 20:42 config
drwxrwxr-x. 3 fedorademo fedorademo 4096 Feb  9 20:42 database
drwxrwxr-x. 2 fedorademo fedorademo 4096 Feb  9 20:12 extensions
drwxrwxr-x. 2 fedorademo fedorademo 4096 Feb  9 20:42 gallery
-rw-------. 1 fedorademo fedorademo  329 Feb  9 20:42 registrymodifications.xcu
drwxrwxr-x. 2 fedorademo fedorademo 4096 Feb  9 20:12 uno_packages
[fedorademo@tesseract user]$ cd  config
[fedorademo@tesseract config]$ ll
total 404
-rw-r--r--. 1 fedorademo fedorademo   4308 Jan 16 18:28 arrowhd.soe
-rw-r--r--. 1 fedorademo fedorademo  48408 Jan 16 18:27 autotbl.fmt
-rw-r--r--. 1 fedorademo fedorademo  30852 Jan 16 18:28 classic.sog
-rw-r--r--. 1 fedorademo fedorademo  13132 Jan 16 18:28 cmyk.soc
-rw-r--r--. 1 fedorademo fedorademo   4408 Jan 16 18:28 gallery.soc
-rw-r--r--. 1 fedorademo fedorademo   5238 Jan 16 18:28 hatching.soh
-rw-r--r--. 1 fedorademo fedorademo  10766 Jan 16 18:28 html.soc
-rw-rw-r--. 1 fedorademo fedorademo   2329 Feb  9 20:12 javasettings_Linux_X86_64.xml
-rw-r--r--. 1 fedorademo fedorademo   2334 Jan 16 18:28 libreoffice.soc
-rw-r--r--. 1 fedorademo fedorademo   6840 Jan 16 18:28 modern.sog
-rw-r--r--. 1 fedorademo fedorademo   5271 Jan 16 18:28 palette.soc
-rw-r--r--. 1 fedorademo fedorademo  31320 Jan 16 18:28 scribus.soc
-rw-r--r--. 1 fedorademo fedorademo 155895 Jan 16 18:28 standard.sob
-rw-r--r--. 1 fedorademo fedorademo  11461 Jan 16 18:28 standard.soc
-rw-r--r--. 1 fedorademo fedorademo   2426 Jan 16 18:28 standard.sod
-rw-r--r--. 1 fedorademo fedorademo   4984 Jan 16 18:28 standard.soe
-rw-r--r--. 1 fedorademo fedorademo   5080 Jan 16 18:28 standard.sog
-rw-r--r--. 1 fedorademo fedorademo   2171 Jan 16 18:28 standard.soh
-rw-r--r--. 1 fedorademo fedorademo   1708 Jan 16 18:28 styles.sod
-rw-r--r--. 1 fedorademo fedorademo   2331 Jan 16 18:28 tango.soc
-rw-r--r--. 1 fedorademo fedorademo  14420 Jan 16 18:28 web.soc
[fedorademo@tesseract config]$ 

And so on
I've tried it with an admin account and a standard account in Fedora 21 and both fail.
I tried it with a standard account in Fedora 20 and it worked.
Fedora 20 is running a slightly older version of Libreoffice 4.2.8.2-2.fc20
Fedora 21 is running 4.3.5.2-11.fc21. Any thoughts on how to troubleshoot this would be appreciated. Right now I can't tell if it is a LibreOffice problem or a Fedora problem. Thanks for reading

What Is The Rsync Flag To Ignore Permissions

I am using Rsync to back up files to another machine. The users on my fileserver do not exist on the backup server, so Rsync throws errors about the permissions. It copies the files fine, but I want to get rid of the errors and have Rsync ignore the permissions when backing up.

/backup is a mounted ftp directory

Below is the current command and output:
Code:
root@Fileserver:~# rsync -av --delete /shared/fileshare/ /backup/backup
building file list ... done
created directory /backup/backup
./
manager/
manager/chironfs.txt
manager/cronman.txt
manager/curlftpfs.txt
manager/curlman.txt
manager/getnetaddress.txt
manager/grepman.txt
manager/rsyncman.txt
manager/tarman.txt
public/
user1/
user10/
user2/
user3/
user4/
user5/
user6/
user7/
user8/
user9/
rsync: chown "/backup/backup/manager/.chironfs.txt.c6MbJ7" failed: Operation not permitted (1)
rsync: chown "/backup/backup/manager/.cronman.txt.hdBG4P" failed: Operation not permitted (1)
rsync: chown "/backup/backup/manager/.curlftpfs.txt.t1sG4L" failed: Operation not permitted (1)
rsync: chown "/backup/backup/manager/.curlman.txt.6oWPoW" failed: Operation not permitted (1)
rsync: chown "/backup/backup/manager/.getnetaddress.txt.V8z8Kk" failed: Operation not permitted (1)
rsync: chown "/backup/backup/manager/.grepman.txt.REh4WW" failed: Operation not permitted (1)
rsync: chown "/backup/backup/manager/.rsyncman.txt.ho8VNM" failed: Operation not permitted (1)
rsync: chown "/backup/backup/manager/.tarman.txt.BkcmeS" failed: Operation not permitted (1)

sent 211115 bytes  received 274 bytes  6710.76 bytes/sec
total size is 210263  speedup is 0.99
rsync error: some files could not be transferred (code 23) at main.c(977) [sender=2.6.9]
root@Fileserver:~#

I tried adding the no flag to -p but it still didn't work, see below:
Code:
root@Fileserver:~# rsync -av --no-p --delete /shared/fileshare/ /backup/backup
building file list ... done
./
manager/
manager/chironfs.txt
manager/cronman.txt
manager/curlftpfs.txt
manager/curlman.txt
manager/getnetaddress.txt
manager/grepman.txt
manager/rsyncman.txt
manager/tarman.txt
public/
user1/
user10/
user2/
user3/
user4/
user5/
user6/
user7/
user8/
user9/
rsync: chown "/backup/backup/manager/.chironfs.txt.6Q3eP2" failed: Operation not permitted (1)
rsync: chown "/backup/backup/manager/.cronman.txt.FC8Orx" failed: Operation not permitted (1)
rsync: chown "/backup/backup/manager/.curlftpfs.txt.mlVSN9" failed: Operation not permitted (1)
rsync: chown "/backup/backup/manager/.curlman.txt.vlJ4b1" failed: Operation not permitted (1)
rsync: chown "/backup/backup/manager/.getnetaddress.txt.LXmft0" failed: Operation not permitted (1)
rsync: chown "/backup/backup/manager/.grepman.txt.SVuaye" failed: Operation not permitted (1)
rsync: chown "/backup/backup/manager/.rsyncman.txt.KTNYqA" failed: Operation not permitted (1)
rsync: chown "/backup/backup/manager/.tarman.txt.zcU90c" failed: Operation not permitted (1)

sent 211115 bytes  received 274 bytes  7686.87 bytes/sec
total size is 210263  speedup is 0.99
rsync error: some files could not be transferred (code 23) at main.c(977) [sender=2.6.9]

Apache Not Working Properly After Update To Debian 8

Hi,
I just upgraded my server from Debian 7 to Debian 8. Everything seemed to go fine. However, Apache doesn't seem to be able to see the web files. If I go to my server's IP, I get an empty directory listing, as if the document root was pointed to an empty directory. However, my apache.conf points to /var/www, and there are indeed files the
Code:
root@maples-server:~# ls -la /var/www/
total 624
drwxr-xr-x  5 www-data www-data   4096 Apr 28 19:35 .
drwxr-xr-x 13 root     root       4096 Mar 28 11:43 ..
lrwxrwxrwx  1 www-data www-data     18 Jan 10 20:47 anthony -> /home/anthony/web/
-rw-------  1 www-data www-data   1455 Apr 23 21:41 .bash_history
-rw-r--r--  1 www-data www-data   3388 Jan 21 19:34 .bashrc
drwxr-xr-x 11 www-data www-data   4096 Apr 23 21:41 chat
lrwxrwxrwx  1 www-data www-data     14 Mar 23 16:20 dad -> /home/dad/web/
drwxr-xr-x  2 root     root       4096 Mar 15 05:52 html
-rw-r--r--  1 www-data www-data    323 Mar 26 18:35 index.htm
drwx------  2 www-data www-data   4096 Jan 21 19:50 Mail
-rw-r--r--  1 anthony  anthony  592795 Apr 23 19:52 phpfreechat-1.7.tar.gz
-rw-r--r--  1 www-data www-data     41 Apr 15 21:52 robots.txt
-rw-------  1 www-data www-data   1541 Apr 23 21:41 .viminfo

Here's my apache.conf (with the comments stripped; there were no "end of line" comments):

Code:
root@maples-server:~# cat /etc/apache2/apache2.conf | grep -v "#"

Mutex file:${APACHE_LOCK_DIR} default

PidFile ${APACHE_PID_FILE}

Timeout 300

KeepAlive On

MaxKeepAliveRequests 100

KeepAliveTimeout 5


User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

HostnameLookups Off

ErrorLog ${APACHE_LOG_DIR}/error.log

LogLevel warn

IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

Include ports.conf


<Directory />
	Options FollowSymLinks
	AllowOverride None
	Require all denied
</Directory>

<Directory /usr/share>
	AllowOverride None
	Require all granted
</Directory>

<Directory /var/www/>
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>

AccessFileName .htaccess

<FilesMatch "^\.ht">
	Require all denied
</FilesMatch>


LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent


IncludeOptional conf-enabled/*.conf

IncludeOptional sites-enabled/*.conf

I also checked sites-enabled/000-default, and everything seems to be fine the
Code:
root@maples-server:~# cat /etc/apache2/sites-enabled/000-default 
<VirtualHost *:80>

	DocumentRoot /var/www
	<Directory />
		Options FollowSymLinks
		AllowOverride All
	</Directory>
	<Directory /var/www/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride All
		Order allow,deny
		allow from all
	</Directory>

	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
	<Directory "/usr/lib/cgi-bin">
		AllowOverride All
		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
		Order allow,deny
		Allow from all
	</Directory>

	ErrorLog ${APACHE_LOG_DIR}/error.log

	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn

	CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Additionally, the connections are no longer showing up in /var/log/apache2/access.log. The last access time in that file is from before the update. I don't know enough about systemd to know if it is responsible for redirecting the logs to somewhere else...

At this point, I have no idea why it's not working. If anyone could point me in the right direction, I would really appreciate it.
Thanks!

EDIT: After looking around some more, it seems that the output of "apachectl -S" is helpful. So here it is:
Code:
root@maples-server:~# apachectl -S
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl 
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: ENABLE_USR_LIB_CGI_BIN
User: name="www-data" id=33
Group: name="www-data" id=33

It appears that it's looking in a subdirectory html, which was not the case previously (before the upgrade). I've currently got an (ugly but usable) work-around using a symlink:
Code:
root@maples-server:~# cd /var/www/
root@maples-server:/var/www# rm -r html/
root@maples-server:/var/www# ln -s /var/www/
root@maples-server:/var/www# mv www html
root@maples-server:/var/www# ls -l html
lrwxrwxrwx 1 root root 9 Apr 28 22:36 html -> /var/www/

While this does work, I'd like to find the proper way of doing it. Any ideas?

Problem With NFS Sharing Between Two Raspberry Pis

I have two Raspberry Pis, one running OSMC and another running Raspbian. The first one has two 1TB hard drives plugged in through a powered USB hub. I want to access the osmc hard drives from the one running Raspbian. They are both on the same local network; the osmc one has the IP 192.168.1.24 and the Raspbian one has 192.168.1.28. Both are static IPs.

These are the hard drives:
Code:
osmc@osmc:~$ ls /media/ -la
total 36
drwxr-xr-x  4 root root  4096 Mar 31 18:28 .
drwxr-xr-x 23 root root  4096 Mar 15 13:35 ..
drwx------  1 osmc osmc  8192 Mar 30 21:54 ELEMENTS
-rw-r--r--  1 root root   232 Mar  6 13:34 README
drwx------  1 osmc osmc 16384 Mar 30 15:22 TOURO

ELEMENTS and TOURO, two ntfs hard drives that work just fine.

I tried sharing the first one through nfs with the following config (I copied the parameters from a tutorial):
Code:
osmc@osmc:~$ cat /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
#               to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
#
/media/ELEMENTS/Pelis/ 192.168.1.0/24(rw,subtree_check,insecure,no_root_squash)
/media/TOURO/Series/ 192.168.1.0/24(rw,subtree_check,insecure,no_root_squash)

and from the pi running raspbian I have confirmed that I can see the drives being shared:
Code:
 /media $ showmount -e 192.168.1.24
Export list for 192.168.1.24:
/media/TOURO/Series/   192.168.1.0/24
/media/ELEMENTS/Pelis/ 192.168.1.0/24

Now, when I try to mount them, all works fine, but when I ls the folders nothing comes back. This is my fstab:
Code:
cat /etc/fstab
proc            /proc           proc    defaults          0       0
/dev/mmcblk0p1  /boot           vfat    defaults          0       2
/dev/mmcblk0p2  /               ext4    defaults,noatime  0       1
# a swapfile is not a swap partition, so no using swapon|off from here on, use  dphys-swapfile swap[on|off]  for that
UUID=fdff96e6-816c-d001-e05f-96e6816cd001 /media/hdd/ auto defaults,user 0 0 #external hdd

192.168.1.24:/media/ELEMENTS/Pelis /media/pelis nfs rsize=8192,wsize=8192,timeo=14,intr
192.168.1.24:/media/TOURO/Series /media/series nfs rsize=8192,wsize=8192,timeo=14,intr

Code:
apoc@raspbian ~ $ ls /media/pelis/
apoc@raspbian ~ $

The superweird thing is that they are mounted, as they show up if I run "df -h"

Code:
 df -h
S.ficheros                         Tamaño Usados  Disp Uso% Montado en
rootfs                               7,2G   2,6G  4,4G  37% /
/dev/root                            7,2G   2,6G  4,4G  37% /
devtmpfs                             484M      0  484M   0% /dev
tmpfs                                 98M   380K   98M   1% /run
tmpfs                                5,0M      0  5,0M   0% /run/lock
tmpfs                                195M      0  195M   0% /run/shm
/dev/mmcblk0p1                        56M    15M   42M  26% /boot
/dev/sda1                            219G   4,7G  202G   3% /media/hdd
192.168.1.24:/media/ELEMENTS/Pelis   932G   742G  191G  80% /media/pelis
192.168.1.24:/media/TOURO/Series     932G   813G  120G  88% /media/series

Code:
ls /media/ -la
total 808
drwxr-xr-x  5 root root   4096 abr  2 18:36 .
drwxr-xr-x 22 root root   4096 mar 25 16:14 ..
drwxr-xr-x  5 apoc apoc   4096 abr  2 13:12 hdd
drwx------  1 apoc pi   786432 mar 30 22:03 pelis
drwx------  1 apoc pi    28672 mar 29 16:09 series

Note that the group for the two folders is "pi", but if I umount the drives it becomes "apoc" (my nick and my personal group).
Code:
ls /media/ -la
total 20
drwxr-xr-x  5 root root 4096 abr  2 18:36 .
drwxr-xr-x 22 root root 4096 mar 25 16:14 ..
drwxr-xr-x  5 apoc apoc 4096 abr  2 13:12 hdd
drwxr-xr-x  2 apoc apoc 4096 abr  2 18:36 pelis
drwxr-xr-x  2 apoc apoc 4096 abr  2 18:36 series

Both users ("osmc" in the osmc pi and "apoc" in the raspbian one) have the same uid: 1000.

What am I doing wrong?

Why Vsftp Can Do It, But Openssh Sftp Cannot ? (chroot)

Dear all,

This is a long story cut short: with vsftp, if I set these parameters in the vsftp.conf file below

Code:
local_enable=YES
chroot_local_user=YES

I am able to log in to the ftp account, see and list my home/user directory, and if I do a cd / or cd .. , I will still be chrooted to my /home/user directory,

without the need to chmod or chown anything on my /home/user directory.

=============================================

With openSSH, internal_sftp, even though I have set the sshd_conf to

Code:
Match user alankoh
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory /home/%u

I will need to change the owner of my /home/user directory so that root becomes its owner.
============================================

Q1) Why this difference? How does vsftp chroot without changing the /home/user folder ownership?

Q2) I realize that the openssh ChrootDirectory parameter causes my default login directory to be set to that of the parameter.
(e.g. if I set it to "/whatever/xyz", I will be brought to /whatever/xyz every time I log in to sftp instead of my /home/user folder.)

Why? I thought that ChrootDirectory is just a security measure to specify the directory to go to in case the user does cd to root (e.g. cd /); otherwise, I should still go to my /home/user folder every time I log in to sftp.

Regards,
Noob