07-28-2011
I figured it out; I modified my /etc/ldap.conf to include the following:
“nss_override_attribute_value loginShell /usr/bin/scponly”
And all 3,000 users inherited the login shell “/usr/bin/scponly” on the machine.
The next problem is how do I chroot 3,000 sftp users?
According to the scponly documentation you will need to specify each user’s home directory to chroot.
Unfortunately I have 3,000 different home directories in different directory structures, like:
/home/mouse/c4/worker01/username
/home/angore/c5/worker02/username
/home/puma/a2/worker03/username
All users authenticate to LDAP
The openssh solution involves modifying /etc/ssh/sshd_config:
# Use the following line to *replace* any existing 'Subsystem' line
Subsystem sftp internal-sftp
# These lines must appear at the *end* of sshd_config
Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
The problem with the above is how do I specify “ChrootDirectory” for 3,000 LDAP users and also make all users members of sftponly?
How do I chroot sftp (all users), bearing in mind that all 3,000 users have different directory structures and all authenticate to LDAP?
Can you help or suggest a way to solve the problem? Please
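As an added example (not part of the original post): in `ChrootDirectory %h`, sshd expands `%h` to the authenticating user's home directory, and it refuses the chroot unless every component of that path is a root-owned directory that is not writable by group or others. The sketch below audits passwd-format entries (for example from `getent passwd`, which includes LDAP users resolved through NSS) against that rule; the function names and the optional UID argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight audit for sshd's "ChrootDirectory %h" rule.
# Function names and the optional UID argument are assumptions of this sketch.

# check_component DIR [UID]: succeed only if DIR is a directory owned by UID
# (default 0 = root) and not writable by group or others.
check_component() {
    dir=$1
    want=${2:-0}
    # -d: the entry itself, -n: numeric ids, -L: follow symlinks like stat(2)
    line=$(ls -ldnL -- "$dir" 2>/dev/null) || return 1
    mode=${line%% *}
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    case $mode in
        d????w*|d???????w*) return 1 ;;   # group- or world-writable
        d*) ;;
        *) return 1 ;;                    # not a directory
    esac
    [ "$owner" = "$want" ]
}

# check_chroot_path PATH [UID]: apply check_component to PATH and to every
# parent up to "/". Returns 2 for a relative path, 1 on the first bad component.
check_chroot_path() {
    p=$1
    case $p in /*) ;; *) return 2 ;; esac
    while :; do
        check_component "$p" "${2:-0}" || {
            echo "bad ownership or modes: $p" >&2
            return 1
        }
        [ "$p" = / ] && return 0
        p=$(dirname -- "$p")
    done
}

# audit_homes [UID]: read passwd(5) lines on stdin (field 6 = home, i.e. %h)
# and print "user<TAB>home" for each home sshd would refuse to chroot into.
audit_homes() {
    while IFS=: read -r name x x x x home x; do
        check_chroot_path "$home" "${1:-0}" 2>/dev/null ||
            printf '%s\t%s\n' "$name" "$home"
    done
}

# Usage on the SFTP host: sh thisfile --audit
if [ "${1:-}" = --audit ]; then getent passwd | audit_homes; fi
```

Because the chroot target itself must be root-owned and non-writable, a home directory that passes this audit cannot be written to directly by its user; uploads need a user-owned subdirectory beneath it.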
sftp-server(1M) System Administration Commands sftp-server(1M)
NAME
sftp-server - SFTP server subsystem
SYNOPSIS
/usr/lib/ssh/sftp-server
DESCRIPTION
sftp-server implements the server side of the SSH File Transfer Protocol as defined in the IETF draft-ietf-secsh-filexfer.
sftp-server is a subsystem for sshd(1M) and must not be run directly. There are no options or config settings.
To enable the sftp-server subsystem for sshd add the following to /etc/ssh/sshd_config:
Subsystem sftp /usr/lib/ssh/sftp-server
See sshd_config(4) for a description of the format and contents of that file.
There is no relationship between the protocol used by sftp-server and the FTP protocol (RFC 959) provided by in.ftpd.
EXIT STATUS
The following exit values are returned:
0 Successful completion.
>0 An error occurred.
FILES
/usr/lib/sftp-server
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWsshdu |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
sftp(1), ssh(1), ssh-add(1), ssh-keygen(1), sshd(1M), sshd_config(4), attributes(5)
To view license terms, attribution, and copyright for OpenSSH, the default path is /var/sadm/pkg/SUNWsshdr/install/copyright. If the
Solaris operating environment has been installed anywhere other than the default, modify the given path to access the file at the installed
location.
AUTHOR
Markus Friedl
SunOS 5.10 30 Jul 2003 sftp-server(1M)